Attackers are increasingly gaining footholds into corporate environments to conduct ransomware or data theft operations via Internet-connected smart devices. Whether they be printers, lockers, aquariums, or conference rooms, these seemingly innocuous access points to corporate environments can provide attackers the critical initial access to conduct their attacks. These can also often be blind spots for many security teams.
When dropped into an organization’s digital environment for the first time and learning its surroundings, Darktrace often finds 15–20% more devices than anticipated. Most of these unexpected devices and areas of unsecured vulnerability result from an influx in IoT-enabled tech. This growing dependence on IoT devices will only continue to accelerate. There are currently more than 10 billion active IoT devices. This number is estimated to surpass 25.4 billion in 2030, though, by Darktrace’s predictions, it will in fact be much higher. We assess that almost all estimates around IoT usage by 2025 are too low.
As a result of the COVID-19 pandemic and hybrid work, the future workplace environment will only become more hands-free and interconnected. Broad adoption of 5G will not only mean more IoT devices, but also expanded capabilities as they become more efficient and highly connected.
People can walk in with an Internet-connected device on their wrist, or a security problem can enter a company through a newly updated Internet-connected vending machine. IT teams do not always know these devices are “smart” or vet them like they would with standard company technology.
IoT device manufacturers do not have a record of prioritizing the security of their devices, often sacrificing it for access and convenience, placing the burden on company security teams after the fact. Starting with one of these IoT devices that are typically not reinforced with security protocols makes it easier for a hacker to move laterally. Much like the threat from supply chains, it is easier for a hacker to go through an open window than a locked, guarded front door.
IoT compromise frequently appears as a lead threat across Darktrace’s global SOC operations. We have seen IoT devices intentionally brought into a corporate environment and used by an insider because of their small size, low signature, and capabilities, making them a powerful tool to evade traditional security defenses focused on external and known threats. Darktrace has even discovered crypto-mining malware on a door sensor, showcasing how creative attackers can get and all the different ways unsecured IoT can be misused.
IoT security is critical to prevent hackers from moving laterally throughout a company network. If hackers can breach one device within an organization’s digital environment, they can move to more critical devices with more sensitive data.
The good news is that security teams aren’t without resources to defend their environments. The first thing corporations need to have is a policy around IoT usage and adoption. The next and often most challenging step is increasing visibility and understanding of these shadow devices the instant they connect to the network in the first place. To meet this mission, some security teams use AI to identify the device and map ‘normal’ behaviors, then enforce a device’s behavior to disrupt any attacker’s efforts to use that device as an attack platform. Leveraging AI in this way also reduces the workload on already taxed security teams.
From a broader policy perspective, in tandem with internal security efforts, more pressure needs to be put on IoT manufacturers to make security a priority and part of the entire development and upgrade process. Disrupting attacks and hardening environments from attacker access points and attack vectors is everyone’s responsibility.
