The Internet of Things (IoT) is a burgeoning sector of technology, often associated with the smart home but also consisting of all sorts of business applications, with networking properties often part of objects that aren't traditionally online or "smart." IoT can refer to small, nontraditional objects being internet-connected and part of networks. Printers and cameras can be IoT devices, as can medical devices.
A new report states that while the Internet of Things is growing rapidly, there are ongoing security threats associated with it as well, especially in the medical sector.
According to the 2020 Unit 42 IoT Threat Report, released this week by Palo Alto Networks' Unit 42 team, "the general security posture of IoT devices is declining."
The report cites Gartner research that IoT endpoints reached nearly 5 billion by the end of 2019, a jump of 21.5 percent from the year before. It finds that with that growth comes threats- and organizations are left "vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten."
The report, which used Palo Alto's IoT security product Zingbox, found that 98 percent of IoT device traffic is unencrypted, while 57 percent of such devices are "vulnerable to medium-or high-severity attacks, making IoT the low-hanging fruit for attackers." This is especially a problem, the report found, with medical imaging devices, as the majority of such devices ran on the now-sunsetted Windows 7. Other concerns include the potential for malware to migrate from computers to IoT devices, and specific IoT cyberattacks.
Another problem with medical devices, the report says, is that health care settings, information technology and operational technology teams don't always work directly together. In addition, many medical devices use outdated operating systems.
"High-profile, IoT-focused cyberattacks are forcing industries to recognize and manage IoT’s risks to protect their core business operations," the report says. "Markets such as healthcare are exposed to an amount of risk that surpasses previous expectations. Some IoT vulnerabilities are life-threatening, while some attack critical enterprise functions or exfiltrate confidential data."
The report's recommendations include thinking "holistically" about IoT strategies, including keeping on top of when new devices are connected. IT teams should also manually onboard and secure any added IoT devices. It's also recommended that they manage their IoT devices in real time, and retire them in a "managed and audited" process.
IT personnel are also asked to expand their usual security to all of their IT devices.
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons.