The COVID-19 outbreak has profoundly changed the way people work, socialize and communicate. Virtually overnight, entire workforces have been moved online. The additional pressure placed on IT systems by this sudden shift in working practices has exposed deep cracks and enhanced the risks posed by cybercriminals.
As people have rapidly moved from office environments to working from home, the requisite cybersecurity to prevent large-scale cyberattacks has not been able to keep pace. With smart homes providing a myriad of potential access routes for hackers, poorly secured IoT networks have long been at risk. However, as the workforce has shifted home, existing IoT weaknesses are beginning to threaten entire corporate networks. With hackers able to enter IoT networks through the back door, the corporate crown jewels are increasingly at stake.
The weakness of IoT networks
The shift to working at home is a significant concern for CIOs. Already overburdened in a traditional organizational environment, it’s next to impossible for them to monitor everyone’s home networks. This is because CIOs do not have the systems in place, and many do not have the know-how or budgets to implement the infrastructure quickly.
This problem is a lot worse for homes with IoT devices. An average home has multiple connected IoT devices from a variety of manufacturers, all of which operate on the same network as the employee’s home computer. Furthermore, the number of IoT devices is rising: Surveys show that there will be 5.8 billion IoT endpoints by the end of this year, a 21% increase from 2019, according to Gartner.
Each smart device provides a hacker with a potential route into the IoT network. For example, an attacker who initially compromises a thermostat or smart lightbulb at a home worker’s house can theoretically gain access to an entire network and remotely unlock a door, change the keypad PIN or steal data from the network. The problem facing CIOs is that the weak IoT devices have almost no cybersecurity. With existing solutions that simply do not suit real-time device interactions and the increased number of people working from home, cybersecurity has suddenly become far more challenging.
The risk to corporate networks
The IoT ecosystem provides a clear and obvious target for cyberattacks and a pathway to the wider corporate networks. Once the initial barrier of an IoT network has been breached, it is only a matter of time before a hacker finds their way into the corporate network. IoT devices without strong cyber protection can easily become part of a botnet that carries out distributed denial of service (DDoS) attacks or fall prey to IoT-focused attacks such as man-in-the-middle attacks, data and identity theft, and device hijacking.
Formulating potential solutions
Fortunately, CIOs can reduce the threat of cyberattacks in several ways. It is essential for employers to raise awareness about how to keep safe by changing passwords, installing security patches and validating anti-virus software. Home workers should change usernames and passwords on home routers and IoT devices.
Though short-term solutions are important, it has become increasingly clear that the COVID-19 outbreak will change the way CIOs and their employees work for good. When things return to normal, the immense change that working from home has caused will likely leave its mark. CIOs are likely to see far more people working from home as businesses become more comfortable with the idea and can better support the practice.
Of course, this means everyone must become far better at protecting their networks, and far wiser about the risks that weak or unsecure IoT devices can pose. IoT devices must incorporate cybersecurity solutions that protect the whole network.
Developing solutions that secure the home network must be a top priority. It’s clear that the coronavirus outbreak has had a profound effect on all walks of life. As CIOs learn to adapt to this new way of life, a new paradigm is beginning. To be prepared for this new normal, CIOs must start taking cybersecurity seriously by removing simple vulnerabilities.
This article has been written by Ohad Amir, Essence CTO, and published in IoT Agenda.