Your IoT device is one of your biggest cybersecurity risks

The tech revolution means that we’re more connected to the internet in more ways than ever. It’s not just smart speakers that are trying to use data and cloud connections to servers to try and improve our lives; toasters, refrigerators and cookers are also now “smart”. 

But with that increased interconnectedness, and the rise of the internet of things (IoT), come major risks. A lack of adequate protection for smart devices, and the rise of canny cyber criminals who are willing and able to take advantage, means we’re at risk of being hacked through more than our phones, laptops and desktops nowadays.

IoT devices make up a third of all the infected devices scanned by Nokia Threat Intelligence.

That figure is alarming enough before you consider that it was just 16% last year. The proportion of IoT devices that have been co-opted by criminals into being used as part of a botnet, or siphoning off a user’s personal data, has doubled in just 12 months. 

A major risk for IoT devices

“The Nokia Threat Report is a welcome confirmation for security professionals that mobile platforms are not something that can be disregarded as a risk,” says Boris Cipot, senior security engineer at Synopsys. “If we think about it, today we have more processing power and memory in our smartphones than we did just a few years ago on our laptops and desktops.”

Part of the problem is that we’ve adapted how we use the internet, and smart cyber criminals looking to cash in on taking advantage of us are simply adapting their attacks to respond to our usage patterns.

“Most individuals now jump on their phones or tablet to browse the internet or read their emails. Use cases have shifted from traditional desktop/laptop to mobile device and as such, it is normal that cyberthreats have followed this trend,”

says Cipot.

Nokia’s analysis was conducted on more than 150 million internet-connected devices worldwide, focusing on those that use Nokia's NetGuard Endpoint Security product.  

“The sweeping changes that are taking place in the 5G ecosystem, with even more 5G networks being deployed around the world as we move to 2021, open ample opportunities for malicious actors to take advantage of vulnerabilities in IoT devices,” says Bhaskar Gorti, Nokia Software President and Chief Digital Officer. “This report reinforces not only the critical need for consumers and enterprises to step up their own cyber protection practices, but for IoT device producers to do the same.”

Pay attention to all the risks, not just one area

The risk is that end users are only aware of the latest threat, and don’t take into consideration all the concerns that they should have as a whole. For years we’ve been told to bolster defences on our PCs, and let criminals run roughshod over our phones. When we move to tightening up security there, they move to IoT devices.

The fear now is that, knowing we’re focused on IoT alone, the criminals may now move back to more traditional areas of vulnerability for end users.

“Nevertheless, that is not to say that individuals should disregard standard PC threats,” says Cipot. “While mobile threats are rising, this does not imply that PC threats are decreasing. On the contrary, these threats are growing in number too.”

For that reason, it’s important not only to consider a single area of vulnerability that could be exploited by bad actors, but to think about your entire online and internet-connected presence as a holistic whole. The latest data shows a significant, growing risk with IoT devices falling foul of cyberattacks. But it’s important to not be reactive, but instead proactive, in securing your defences.