Organizations are at a much higher risk of cyber-attacks due to the expansion of IoT (Internet of Things) devices into their networks, according to a new study by Unit 42, the Palo Alto Networks threat intelligence team. The study, which covers threats and vulnerabilities affecting the current ecosystems of the IoT device supply chain, was published during National Cybersecurity Awareness Month, which this year focuses on the role played by individual users in strengthening the security of IoT devices.
According to Infosecurity, the researchers first pointed to a recent study whose findings showed that 89% of organizations have seen an increase in the number of IoT devices on their network in the last year, which significantly expands their attack surface. The researchers also stressed that organizations need to consider vulnerabilities in the IoT device supply chain, where third-party software with vulnerabilities is installed or is part of certain components, such as an application or firmware.
According to the survey, a common bad practice among organizations was integrating third-party components and hardware without listing the components that were added to the device. This makes it difficult to determine how many products from the same supplier are affected when a vulnerability is found in one of these components.
In addition, the researchers noted that it is difficult for users to know which components run on any given IoT device. Each component has its own inherent security properties, which in turn depend on other components with their own security properties. This means that an entire device can be compromised if only one of these components is vulnerable. They also reported that users who manage networks with IoT devices often do not know how many of them are connected to the corporate network. This makes it difficult to monitor potentially vulnerable devices and increases the chances of cyber-attacks succeeding.
Researchers Anna Chung and Asher Davila pointed out that it is vital to maintain a list of devices connected to the network. Such a list makes it possible to identify the devices, and the suppliers or manufacturers of those devices, that use a vulnerable component, so that the administrator can fix, monitor, or disconnect them if necessary. They added that full visibility of the devices connected to the network, together with informing organizations when a device shows vulnerabilities, is vital to defending their infrastructure from possible cyber-attacks.
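
The device list the researchers describe can be kept as a small component inventory. The sketch below is an added example, not code from the Unit 42 report: it resolves which devices and suppliers are affected by a vulnerable component, including components embedded inside other components, and flags devices seen on the network that have no inventory entry. All device, supplier and component names are constructed.

```python
from collections import defaultdict

# Constructed sample inventory: every name below is hypothetical.
DEVICE_COMPONENTS = {
    "cam-lobby-01":   {"supplier": "AcmeCam",  "components": ["acme-fw-2.1"]},
    "cam-dock-02":    {"supplier": "AcmeCam",  "components": ["acme-fw-2.0"]},
    "hvac-ctrl-01":   {"supplier": "CoolCorp", "components": ["cool-app-5"]},
    "badge-reader-1": {"supplier": "DoorCo",   "components": ["door-fw-1"]},
}
# Component -> third-party components it embeds (constructed).
COMPONENT_DEPS = {
    "acme-fw-2.1": ["tinyhttpd-1.4", "libtls-3"],
    "acme-fw-2.0": ["tinyhttpd-1.4"],
    "cool-app-5": ["netstack-9"],
    "netstack-9": ["libtls-3"],
    "door-fw-1": [],
}

def expand(component, deps=COMPONENT_DEPS, seen=None):
    """Return the component plus everything it embeds, directly or indirectly."""
    seen = set() if seen is None else seen
    if component in seen:  # already expanded; also guards against cycles
        return seen
    seen.add(component)
    for child in deps.get(component, []):
        expand(child, deps, seen)
    return seen

def affected_by(vulnerable, inventory=DEVICE_COMPONENTS):
    """Group inventoried devices by supplier when they contain the component."""
    hits = defaultdict(list)
    for device, info in sorted(inventory.items()):
        parts = set()
        for component in info["components"]:
            expand(component, seen=parts)
        if vulnerable in parts:
            hits[info["supplier"]].append(device)
    return dict(hits)

def unlisted(seen_on_network, inventory=DEVICE_COMPONENTS):
    """Devices observed on the network that have no inventory entry."""
    return sorted(set(seen_on_network) - set(inventory))

if __name__ == "__main__":
    print(affected_by("libtls-3"))
    print(unlisted(["cam-lobby-01", "printer-7"]))
```

The HVAC controller is reported for `libtls-3` even though its own component list never names that library, which is the nested-component case the researchers warn about.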