Let’s face it: Internet of Things (IoT) devices often have weak security controls and are not separated from other networks by a firewall, which can put your whole network at risk of a hack.

Today’s blog post will focus on the definition of IoT, what thought leaders in the industry believe about IoT threats and best practices in managing these devices to minimize your company’s overall cyber risk levels.

The Internet of Things Definition

Simply stated, the Internet of Things is made up of devices that are connected to the internet – from simple sensors to smartphones to digital assistants. These devices are increasingly talking to each other. Here’s an example: Tell Google Home to shut off the lights. To complete the task, Home, an AI digital assistant, must “talk” to a smart lighting system.

As more and more IoT devices roll out to the market, they will help increase employee productivity and save corporations significant money by completing sundry tasks, such as adjusting the heat, air conditioning, and lighting in the building automatically or on command.


Experts Weigh In

  • According to Gartner, 20.4 billion things will be connected to the internet by 2020.
  • Among the more than 5,000 enterprise accounts that AT&T surveyed, 85% will be deploying IoT devices in the future, yet only 10% felt confident they will be able to secure these devices from hackers.
  • Roughly 66% of enterprises are expected to experience IoT security breaches by 2018. By 2020, 25% of enterprise attacks may be IoT related, yet at present IoT security only accounts for 10% of the security budget, per IDC.
  • According to November 2016 research by Aruba, 84% of IoT adopters have experienced a security breach.
  • The IoT Alliance is a network of solution providers that is dedicated to working toward protecting all IoT devices from endpoint to endpoint, including designing products with built-in security features. It currently has 17 members.


The Reasons IoT Devices are So Vulnerable to Attacks

You may be wondering at this point, “Why are these devices so exposed?” Here are some of the reasons a typical IoT device can be a point of network exposure:

  1. Many devices that connect to the internet use stock code from open-source software, which makes them easier to hack.
  2. Most IoT units don’t have firewalls because they don’t have enough memory to support this software.
  3. The encryption level, if there is any, is at the lowest level possible.
  4. Many users do not change the default passwords on IoT devices, which leaves these devices obviously vulnerable to misuse.


IoT Best Practices

Even though IoT is relatively new, it is important that these devices be included in your cyber security policies. Here are guidelines we highly recommend for you to implement in your organization:

  1. Develop an IoT strategy.
    Given all the information above, it is time to determine:

    1. Why your organization is implementing IoT
    2. Which IoT devices are important to running your organization
    3. The risk/reward equation with regard to vulnerabilities and benefits.
  2. Inventory all IoT devices.
    Not only will an inventory need to be taken, but you will also need to know how the units are configured and what or whom they will talk to within the organization. Determine which devices are acceptable in the organization and which are not.
  3. Develop an IoT security policy.
    Train employees on the policy, and review which devices are on the acceptable list and the consequences of bringing unaccepted devices to work. Emphasize that cyber security is the responsibility of every employee.
  4. Complete regular vulnerability assessments.
    Due to the quantity of new IoT devices that will flood the market in the next several years, it is important to complete regular vulnerability tests throughout the year to remove any devices that might put your entire network at risk.



IoT devices can be a threat to your company, but they don’t necessarily have to be if you implement a workable IoT strategy that is adequately funded. As time progresses, these devices will contain the proper level of security and encryption to reside on the network, but until then, your company’s IoT strategy, inventory, and vulnerability assessments need to be revisited on a regular basis.

About ShellProof Security

We are specialists in cyber security in the small to medium sized business arena. We take a business-driven approach to your organization’s adoption of IoT by helping you with strategy, inventory, policy consulting and vulnerability assessments. Call us at 212-887-1600 to speak to one of our cyber security experts today!