A report from cybersecurity professionals, NCC Group, on behalf of the UK government, has been published. It argues that IoT devices in the enterprise are a major liability, with many organisations running old and outdated software and not adhering to security standards.
"The fact that outdated software and unpatched solutions are "prevalent across devices" is particularly worrying. Ultimately, the onus is on the manufacturers of devices to ensure their products are truly secure by design, but this still doesn't seem to be a priority. One of the key issues is that many IoT devices, are still built with usability first and security as an afterthought. In particular, the report highlighted how privileges can be escalated which provides an open door for attackers not only to gain access but also to move laterally once they are inside.
The report is a timely reminder that we have to make sure that, as the attacks surface expands, functionality is not sacrificed for the security of our systems, networks and sensitive data."