Technology is the primary enabler of the modern economy. The rise of the internet with all its bells and whistles lead to an information revolution. Today’s companies and individuals have more access to information on-demand than ever before, but this comes with a host of risks.
“Attack surface” isn’t a term the average user is familiar with, but they should be. Recent reports of hacks on smart devices show an increasingly sinister practice by bad actors looking to exploit poor security for personal gain. Security cameras and “Internet of Things” (IoT) connected devices are now regular targets from hackers who deploy sophisticated exploits.
Security Camera and IoT Hacks on the Rise
The rate at which new devices connect to networks will continue to increase exponentially over the next five years. From about 17 billion connected devices in 2018, reports suggest that this number will increase to 21.7 billion by 2025. One of the most popular connected devices is the Ring security camera. The company, wholly owned by Amazon, recently came under fire for failing to address security flaws in their products.
Recent news reports included instances of a compromised camera, allowing criminals to threaten homeowners and even harass kids in their bedrooms. While the company hasn’t admitted to any wrongdoing and instead blamed owners for poor security on their networks and devices, CNET had already raised concerns as far back as 2016.
Vulnerabilities in Internet-Connected Security Cameras
Ring said unequivocally that their system wasn’t breached. Although this is the company’s official position, personal information of more than one hundred thousand users ended up on the dark web at the end of 2019. Once personal information becomes available on the dark web, any bad actor can access and use it to launch an attack on the device or network.
The company lays the blame on users who hadn’t updated their passwords from the default ones or they didn’t use complex passwords, and Ring claims that is what put their networks at risk. Ring will now have to defend its position in court after a couple filed a lawsuit blaming them for negligence. Regardless of the outcome, it does show that although a connected device may provide additional convenience, it also drastically increases a company or individual’s attack surface.
How to Defend Against Camera and IoT Hacks
For individuals and companies alike, keeping networks secure should be a primary concern. The number of malware samples that target IoT devices totaled 122,588 by the middle of 2018. This was three times more than the total malware exploits discovered in 2017. There’s a new trend for cybercriminals to develop exploits that specifically target home and office security cameras and other connected devices.
Taking proactive steps to secure the entire attack surface of a company’s networks will be essential in the future. For companies concerned by their existing IoT devices and connected equipment, they can follow these steps to improve their network security.
1. Keep an Inventory of all Devices
Maintaining a list of the devices connected to the network is a good place to start. Companies often do not include these devices in their official security policy, meaning they receive less attention from the IT department. Devices can consist of smart TVs, security cameras, sensors, as well as the smartphones or laptops that run the software to manage the equipment. Once the company knows about every device connecting to their network, they can establish security policies to protect them.
2. Monitor the Network for Data Spikes
One way to detect a breach on the network is to monitor the flow of data. Regular network activity will have a baseline of traffic flow. If this baseline suddenly increases, it could indicate a compromised network. When this occurs, it’s good practice to reset all smart devices and security cameras so that they revert to using their original firmware.
3. Enforce a Password Protection Policy
Whenever configuring an old device or connecting a new one, ensure the company’s administrators use strong passwords on every device. Never use the default password that came with the device and avoid reusing older passwords. This is especially true for office security cameras as a compromised device can allow hackers to spy anonymously on the company and gather sensitive information.
4. Segment Company Networks
Wherever possible, companies should segment their networks to separate confidential data away from IoT-connected equipment. If the device uses the same networks as the rest of the company, it could compromise the entire business’s information systems.
5. Restrict Access
Ensure that IoT devices can only be accessed by trusted employees or company officials. When possible, enforce strict usage rights and privacy settings to limit who can use devices and to what end. Utilize built in features such as voice recognition or other measures to prevent unauthorized use.
Secure Your Smart Devices and IoT Equipment with CDS Office Technologies
CDS Office Technologies can help organizations improve their network security with a range of IT solutions. As office technology experts, CDS has assisted organizations in leveraging the latest solutions for improved efficiency and increased productivity. CDS Office Technologies provide managed IT services, cybersecurity and can supply a range of IoT-enabled office solutions.
To improve your security cameras and protect your range of IoT smart devices, get in touch with CDS Office Technologies today.