sb-au logo
Story image

IoT security in danger of being ignored, says Trend Micro

05 Apr 2017

Security in Internet of Things (IoT) devices has been highlighted by the recent Mirai and Dyn botnet attacks - and Trend Micro says that most of those devices come with preset, easy passwords and inactivated security.

Organisations that install the technology also suffer by not ever using reinforced configurations, which means hackers can exploit significant holes, Trend Micro says.

Trend Micro says that organisations shouldn’t be dissuaded from using IoT technology, as it is opening up a vast space for data collection and consumer convenience. 

IoT security will improve, but organisations must take steps to protect their hardware from attacks - and data privacy issues. It will require management, but the outcome will be worth it, the company says.

Trend Micro says that configuring every single sensor or creating a firewall for their coffee maker is a mission, which is why most organisations fail to correctly configure devices without changing standard authorisations. 

However, everything must be configured so that attackers are left with no possible exploit holes. Data breach systems can detect unusual behaviour in networks, which also helps to spot malicious access in IoT devices, Trend Micro says.

Organisations must address how IoT devices collect, use and disclose information they connect. In addition, there should also be clear rules about how user data is secured and deleted. If there are no rules, it means systems and data could be at risk if attackers get in.

Unsecured IoT devices allow attackers to get in and then execute much bigger attacks. The Dyn DDoS attacks took down Netflix, Twitter and Spotify through unsecured IoT devices such as cameras, routers, DVRs and other household appliances, Trend Micro says.

The company also cites hacker tools such as Shodan, which can be used to search for exposed cyber assets and gain each device’s IP address, application and firmware versions.

Trend Micro says that organisations must configure their devices correctly for their specific organisation’s requirements. Use passwords that are complex and difficult for hackers to guess. Data breach systems will also trigger an alert for any malicious access to IoT devices.

Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
IT leaders fear increase risk of cyber attacks while working from home
More than 80% of IT leaders believe their company is at a greater risk of cyber attacks when their staff are working from home, according to new research. More
Story image
Transform your home office tech to look and sound like a pro
AVerMedia's Live Streamer Cam and the AM310 USB Microphone could be exactly what you need.More