September 15, 2015 By Douglas Bonderud 2 min read

Suddenly, every device is smart. From home security products to televisions, thermostats and even kitchen appliances, manufacturers are marketing the idea of an always-connected lifestyle — the Internet of Things (IoT) — for all they’re worth. The problem? According to the FBI’s Internet Crime Complaint Center (IC3), the spread of Internet-capable devices “also increases the target space for malicious cyber actors.” But what do new attack vectors look like, and what steps can users take to defend their online interests?

An All-Out Attack

As noted by the IC3 warning, networked devices can now take almost any form. If they’re hacked, there could be serious consequences not just for digital data but the physical world, as well. At the least worrisome end of the scale are issues like those faced by smart-TV-maker Samsung: Earlier this year users discovered that the television’s voice recognition system would capture and transmit any spoken data to certain third parties, regardless of context, Newsweek explained. The company’s Smart TV privacy policy pulled no punches: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Next on the list are hacks to more sensitive technology like baby monitors. According to Fusion, a recent security test of nine different baby monitor models found that all came with significant security flaws. The biggest worry? That every camera came with a hidden or hard-coded account that consumers couldn’t change. Likely meant to serve as access for support or other admin functions, the practical effect is that attackers get an open door to almost any monitor on the market. It gets worse: As noted by Computerworld, researchers from the University of South Alabama recently hacked pacemakers and insulin pumps to kill robot mannequin “patients.” Bottom line? Compromised IoT devices are a big deal.

IoT Is a Popular Risk

Despite the emerging risks, however, many companies are still on the path to significant IoT adoption. A recent Datamation piece noted that 68 percent of IT pros are under pressure to adopt smart devices and other Internet-accessible technologies even if they’re not entirely secure. This is a scenario where the ends justify the means: Increased efficiency now is worth the challenge of network defense or data recovery later.

So where does this leave device users and security professionals? For the moment, they’re caught between a router and a network. New IoT devices offer real promise, but defensible software and hardware architecture simply isn’t part of the native design process just yet. According to the FBI, however, there are ways to reduce the possibility of an attack. First, companies are well-served by isolating IoT devices on protected networks, along with disabling the universal plug-and-play protocol on any routers. It’s also critical to change any default passwords and opt for devices made by manufacturers with a track record of solid security.

The best advice is to consider both need and potential solution: Is an Internet-connected device required or merely a novelty? In other words, is going IoT the ideal fit? In some cases, absolutely; but in others, choosing a proven, secure device over a flashier connected alternative is the best course of action.

The Internet of Things is enjoying rapid uptake among consumers and businesses alike. Not taking the time to curate and secure network-connected devices, however, may shift the terminology to the Internet of Threats.

More from

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today