IoT Device Cyber Exposures Explode

Today, a wide range of smart devices provide internet connectivity. Whereas this opens the door to new possibilities for businesses, it also leads to new cyber exposures. Brokers can help their clients by raising awareness of the risks, promoting cyber safety for smart devices, and offering insurance coverage for cyber exposures.

The Growth of the Internet of Things

The Internet of things (IoT) refers to internet-connected devices, often called smart devices. These are everything from smart refrigerators to internet-enabled drones and are used for both personal and commercial purposes.

IoT Analytics estimates there were 16.7 billion IoT endpoints (or devices) in 2023. This represents a 16% increase from 2022, when there were 14.3 billion endpoints. By 2027, there will likely be at least 29 billion endpoints.

Fortune Business Insights says IoT technology will likely create new revenue streams, drive business efficiencies, and enable new business models. In 2022, the IoT market was valued at $544.38 billion. By 2023, it could reach $3,352.97 billion. According to TechTarget, examples of IoT devices in business include securing systems, environmental monitoring systems and sensors, telematics, GPS, and analytics to track vehicles. However, these are just a few possibilities – there are countless other ways to leverage IoT devices.

IoT Devices Create Easy Access for Hackers

By now, most people understand the importance of securing computers with strong passwords, antivirus software, and up-to-date systems. However, it’s easy to overlook the ever-growing number of IoT devices.

Another issue is there is no regulation of IoT devices, making it possible for some manufacturers to get away with lax security. However, the UK has addressed this with the Product Security and Telecommunications Infrastructure Act of 2022, which creates new cybersecurity requirements for connected devices. This may help going forward, but many devices already in use may have poor cybersecurity.

Reuters says hackers regularly scan the internet for low-security devices to recruit to their botnet to launch distributed denial of service (DDoS) attacks. Hackers also use botnets to access other devices on the same network and steal data or carry out other malicious activities. IoT Solutions World Congress names several high-profile attacks that leveraged IoT vulnerabilities. One involved security cameras that allowed people to look through devices and sometimes even capture audio, as long as they had the IP address. Another was a massive DDoS attack that temporarily took down large sections of the internet in 2016 by targeting a DNS service provider.

The threat is growing. In 2022, Tech Monitor warned that hacking groups were increasingly targeting IoT devices. A report from SonicWall indicated that malware targeting IoT devices had increased by 98% in the final quarter of the year.

How Businesses Can Control Their IoT Exposures

Although IoT devices are vulnerable to hacking, business leaders can reduce their risks by taking IoT cybersecurity seriously.

• When purchasing IoT devices, make cybersecurity a top priority. Although stricter cybersecurity requirements should help, some devices – such as those available in regions with laxer standards or before standards went into effect – may have poor security.
• Keep an inventory of IoT devices and actively monitor them for security threats. If you are no longer using devices or features, disable them.
• Employ good cybersecurity practices for IoT devices, just as you would for computer systems. For example, select a strong password instead of relying on the default password and apply multifactor authentication. You should also use encryption and IoT network firewalls.
• Keep the network and router that IoT devices use secure. When possible, use a separate network for IoT devices or apply network segmentation. This can prevent hackers that compromise one device from accessing computers on the same network.
• Apply updates for devices as they become available. Consider whether you will be able to keep IoT devices secure if the provider stops supporting them with updates.

Securing Cyber Insurance

Cyber insurance can help with cyber incident response costs, reputational harm, system damage, and business interruption as well as losses stemming from botnetting, cryptojacking, ransomware, and other cybercrimes. Coverage is also available for technology errors and omissions, media liability, and network security and privacy liability.

Since cyber exposures keep becoming more complex and severe, businesses need to consider cyber insurance packages that meet their specific exposures. Costero offers first- and third-party cyber coverages that we can package to meet your client’s needs. Learn more.