
Investment in the Internet of Things (IoT) is booming.

By 2027 it's predicted that there will be around 30 billion IoT devices globally, double the number from 2022.

Nor are attacks against Linux systems the only vulnerabilities being exploited.

Richard Staynings is Chief Security Strategist at Cylera.

Seventy percent of medical devices are believed to be currently running unsupported Windows operating systems.

Indeed, many of the medical devices attached to hospital networks have become the easy ingress point for attackers.

This leads to major security concerns.

It’s hundreds of devices.

This is especially so for consumer devices.

Once you purchase consumer gear, you are on your own.

The business model of these manufacturers is based entirely upon sales with limited or no support included.

Even less could probably be bothered to do so.

An easily compromised IoT gadget can quickly lead to a compromised office laptop or home PC.

All it takes is a home IoT camera doorbell or connected thermostat to accomplish that.

But these modules are manufactured under license in the PRC to supply both domestic and international needs.

IoT is not designed to be secure.

It is designed primarily to fulfil a functional purpose.

Once produced, rarely does anyone at the manufacturer look at the testing and publishing disclosures of security vulnerabilities.

In fact, many IoT devices are never patched for their entire lifespan.

Connected to the same data pipe as IT systems, unsegmented IoT offers an easy ingress opportunity for hackers.

Meanwhile, manufacturers can take months or years to release patches, leaving hospitals vulnerable to cyberattack in the meantime.

Compensating security controls

The solution is to introduce additional compensating security controls.

Examples of NAC include Cisco ISE, Aruba ClearPass, Extreme NAC, and PAN Cortex, among others.

This, however, is labour-intensive and expensive to maintain.

In England this is now a requirement for all trusts to report DSPT vulnerabilities to NHS England.

In the US it's a requirement under HIPAA.
