Over the last two weeks, the significant security concerns are the lack of secure encryption, weak passwords, and poor certificate management practices. IoT manages to identify an access point on the network that can be used in a cyber attack (Contos, 2022). It is because of the lack of secure encryption, default passwords, or weak credentials. Another thing that can cause security concern is poor certificate management practices and insecure services that were re-enabled or modified without proper authorization. As a result, devices that lack the proper security measures have been deployed. The company will have to harden their devices and deploy secure new ones.
As for the events that have occurred, the first event was an access point discovered on the network by IoT, making the devices vulnerable to a cyber attack. The second event was because of poor certificate management practices and insecure services re-enabled or modified without proper authorization (Contos, 2022). This month there have been significant problems with only lack of secure encryption, default passwords or weak credentials, which is common in any organization of IoT devices.
The information security issue aligned with authorization by deploying secure IoT devices to the company’s network to mitigate the vulnerabilities that arise with IoT devices. This security concern allows external connections to be made to the device, certificate management, password policies, and existing security controls that can mitigate against these attacks are already implemented or disabled (Contos, 2022). In addition, the company secures its IoT devices by limiting internet access and monitoring for environmental drift. No known access points on the network could be used by an attacker, even if one existed.
The information security issue aligned with authentication using strong passwords and secure mobile devices. The event that occurred at the particular time of the incident is that there have been many recently hacked industrial control systems (Contos, 2022). Some additional issues are associated with securing IoT devices, such as outdated and insecure firmware, mishandling of environmental drift, and poorly managed digital certificates (Contos, 2022). Therefore, future risks should be evaluated, and a strategy should be developed to mitigate these threats.
I was interested in the article because I was fascinated by learning about the types of threats and risks that hackers can use to target IoT devices. I learned from this article that hackers are very crafty and use different methods to target a certain device. They could hack into a wireless router to access other wireless devices. They also got into the system of an IoT speaker and then turned the volume up on it so that we would be alerted by its loudness. I have learned from the article that IoT devices have many risks and that the company I work for has to put in security measures to protect the data from being hacked.
As a cybersecurity professional, I could use the article for my career by learning how hackers can target IoT devices. I could also use it to help with my cybersecurity skills in watching out for any issues with my company’s IoT devices, so another hacker would not be able to access them. It will help protect the company’s network from cyber threats like these. For instance, the company will have to implement a proper change management process, including verifying all changes by its audit team.
In conclusion, IoT devices are very insecure, and their security is not up to the mark. Many risks are associated with it, which can impact the company’s functioning. The company has to ensure that its devices are secure by following some of the best practices of the internet of things. In addition, this article shows how IoT devices can be hacked and some precautions a company should take. Such as following best practices and securing the IoT device by hardening it.
Reference
Contos, B. (2022). 6 ways to reduce your IoT attack surface: As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. TechRepublic. Web.