Security threats of IoT and their implications for online brand protection

 

Last week my newly purchased oven demanded that I connect it to wifi so that it could discuss dinner options with my fridge. Unfortunately, they didn’t offer to actually make the dinner - in that case I probably would have connected both of them to our house wifi.

 

The above, and countless other scenarios, wouldn’t be possible without the ever-growing network called the Internet of Things.

 

 

What is the Internet of Things

The Internet of Things (IoT) is a network of various physical objects, including vehicles, electronic devices, household appliances, industry equipment, etc. that have the ability to collect and share data.

 

IoT is larger and more present in your life than you probably realise. Your thermostat, your watch, your car, my new oven, and many other previously mostly offline tools are capable of communicating with other devices. They are often referred to as smart objects, and their job is to make your life easier.

 

Your fitness tracker shares your vitals with your health app, your thermostat adjusts the temperature without you having to do anything, and your oven may suggest what you make for dinner based on the availability and expiration date of food in your fridge.

 

But consumers aren’t the only ones enjoying these perks. IoT is also present in various industries, streamlining processes and cutting costs. Smart sensors track and record the movement of goods in shipping and warehousing, the performance and potential faults of manufacturing equipment in factories, and even the environmental conditions like humidity on farms and in high security labs.

 

 

AI-generated illustration of an IoT-monitored greenhouse

 

 

IoT in numbers

As of 2020, there are more IoT-enabled devices in use in the world than traditional offline devices.

 

Today, there are over 18.8 billion smart devices connected to the internet, and experts believe this number will reach 25.44 billion by 2030. IoT related spending is currently at $1.1 trillion, up from $749 billion recorded in 2020.

 

| As of 2020, there are more IoT-enabled devices in use in the world than traditional offline devices

 

Regarding revenue, China is the market leader with around 35% share ($139.9 billion), with the US and Europe coming in second and third with $80.1 billion and $72.1 billion, respectively.

 

Unfortunately, the convenience of IoT comes at a price, and that is data security. As you know, smart devices can make our lives easier because they record and share data. But how that potentially sensitive data is stored, handled and used has very important security implications. Especially when it comes to your brand.

 

 

Key IoT security risks affecting brand protection

Most people know that protecting computers and smartphones against cyberattacks is important. But would you protect your fridge or your fitness tracker with the same vigour? Probably not. And that’s the problem.

 

Many IoT devices are issued with minimal security measures that are almost impossible to access, let alone update for regular users. These devices often don’t enjoy the same access to security patches and updates as other software, which leaves them vulnerable to attacks.

 

Many of them operate with the same default passwords, most likely because users have simply no idea how to change them. And these issues create backdoors for cyberattacks that can lead to so much more serious damage than an unauthorised person learning about the number of steps your fitness tracker recorded for you.

 

Let’s see the three most prevalent types of security risks associated with IoT devices.

 

 

IoT botnets

Considering the number of inadequately protected IoT devices readily available for hackers, it’s no surprise that they’re often used as members of botnets. Attackers can gain access to a large number of devices via the same default passwords, using them in large-scale cyber attacks like denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.

 

 

Data exfiltration

Once a hacker enters an IoT device, they have access to the data stored there. This is troubling, even if all they learn are the expiry dates of the produce in your fridge. But in case of a smartwatch that’s capable of storing your credit card details for payments, the results can be devastating.

 

 

Shadow IoT

In the third most common case, attackers use the first hacked device, or a shadow IoT, to compromise the entire network it belongs to.

 

Nobody is particularly worried about an oven stealing sensitive data. But the attacker who gained access to the oven can use it to move around the network, unseen by administrators, and get their hands on much more important data than your favourite cooking temperature.

 

All these types of attacks can occur in all kinds of settings, including households, businesses, factories and - unfortunately - your brand’s offices as well.

 

 

Illustration of a woman inspecting the security measures of an IoT network

 

 

Implications for brands

The security risks of IoT devices usually materialise in one of three forms for brands, or any combination of the three.

 

First of all, you have to consider the actual damage of compromised data. You can expect potentially significant financial losses, including money stolen from you, funds you have to spend on damage control and possible legal proceedings, not to mention the operation disruptions such an attack can cause for your brand.

 

However, losing money is not all. If the public learns about the issue, and in the age of social media, that’s a highly likely outcome, you can count on losing trust amongst your customers and expect damages to your brand’s carefully built reputation.

 

Find out why it’s so important to maintain your reputation!

 

Finally, data security breaches usually entail legal repercussions. An investigation may follow the incident, involving further financial losses, legal fees, and potentially even charges if your brand is found to be negligent in some way.

 

 

Strategies to mitigate IoT security risks

Choosing the best strategy depends on how your brand uses IoT devices. If you’re only working with them in a user capacity, all you need to do is pay more attention to securing them against potential attacks.

 

Treat any IoT device as if you’d treat the computer storing your most precious data. Use strong passwords and multi-factor authentication to stop attackers from entering via default factory passwords. Isolate IoT devices in your network so that in case any of them is compromised, attackers can’t get to more sensitive data through them.

 

| Treat any IoT device as if you’d treat the computer storing your most precious data

 

Regularly update their software with security patches to cover against the latest bugs. This also implies that you should only work with IoT devices stemming from reputable sources, from manufacturers who take data security seriously.

 

On the other hand, if your brand is involved in the creation of IoT devices in any way, make sure that you prioritise security throughout the manufacturing process from design to finished products.

 

Ensure that your devices are up-to-date with the latest security standards. Educate your customers on how to secure their devices, including providing an easy way to change passwords and receive software updates.

 

As online brand protection experts, we can certainly contribute to securing your brand’s IoT devices. For example, we collect valuable data via OSINT research about the latest security issues, alerting you to a potential problem and suggesting expert solutions.

 

In addition, our software tool, screenseal, is ready to provide you with court-admissible documentation about data breaches or any other IP-related issue you want to document online.

 

 

Conclusion

The Internet of Things is wider than you’d think - and much less secure. Don’t let your brand fall victim to IoT scams; take the necessary precautions and ensure that all your IoT devices do is make your life easier.

 

Contact us if you have any questions about IoT or any other online brand protection issue your brand is facing.