Connected devices have expanded the number of ways cyber criminals can attack and breach corporate networks, according to a report by Forescout.

About a quarter of a business’ IT infrastructure no longer comprises traditional networks, which is creating new weak spots for hackers to target. “The growing number and diversity of connected devices in every industry presents new challenges for organizations in understanding and managing their risk exposure,” the company said. “In brief, we have entered the era of mixed IT/IoT (internet of things) threats, with cyberattacks growing in intensity, sophistication and frequency.”

Persistent

Attacks on IoT devices are persistent and, once a device is compromised, the malware is harder to eradicate. The company advises segmenting corporate networks so that devices are isolated from the wider network, to prevent hackers getting into a business’ core systems via such channels.

Weak passwords are still a major problem and account for 87 per cent of all attempts to breach defences. “Accounts for specific services are being scanned all the time, so make sure to change default usernames and passwords whenever possible,” the company advises. “Try to use complex, unique passwords for every service on every device. Rotate credentials at a regular interval to avoid leaked credentials remaining valid. Finally, enable two-factor authentication.”

Board responsibility

The board has a unique responsibility to cultivate a strong culture that can combat cyber risk, according to the 2023 director’s handbook on cyber-risk oversight published by NACD.

It said that while emerging technologies such as IoT and artificial intelligence were essential to an organisation’s competitiveness and profitability, they also represented a major security threat. Boards need to ensure their organisations strike the right balance between opportunity and risk.

“It is possible for organizations to defend themselves while staying competitive and maintaining profitability, but successful cybersecurity cannot simply be ‘bolted on’ at the end of business processes,” it said. “Security practices need to be woven into an organization’s key systems, processes, strategy, and culture from end to end—and when done successfully, this integration can help organizations build competitive advantage.”