Security Threats & Embedded Devices

Last year our connected world of machines, devices, people and networks resulted in more than 900 reports of theft or loss of data with six instances resulting in nearly 40 million records being compromised. Despite numerous warnings, extensive media coverage and corporate security policies, companies continue to struggle with cyber threats.

As the number of connected devices grows exponentially, no company can afford to take a casual approach to security. Everyone is a target: businesses large and small, across every industry.

But what creates these vulnerabilities? At Netop, we believe threats to embedded devices, and a company’s infrastructure in general, stem from the following:

Users
Though not intentional, people are prone to make mistakes whereas computers, devices and machines are not. An oversight by an administrator, a moment of absentmindedness by a technician or an employee unknowingly opening a malicious file can all expose network vulnerabilities.

Discoverability
With modern search engines, anyone can now find devices connected to the Internet. Once a device is discoverable, it’s vulnerable. Eventually an experienced hacker will look for ways to exploit any opportunity they can find.

Remote Access
With remote access capabilities now built into operating systems, the ability to remotely connect to another device is nearly ubiquitous. Removing geography means companies are just as likely to be targeted by someone from another country as they are by someone next door.

Lack of Familiarity
Today nearly every technology asset – including HVAC units, building sensors and security cameras – is equipped for Internet connectivity, which means it’s potentially vulnerable. Such a wide range of devices means expertise is spread thin and even the most seasoned IT professionals can’t know or be certified on everything.

Legacy Equipment
Many manufacturing, building automation and healthcare devices – that now connect to the Internet – were not originally designed with security in mind. Instead, such devices were created for ease of use, access and reporting data. This shortsightedness on security has left many legacy devices open to vulnerabilities.

For more information, check out our white paper: Embedded Devices & Data Thieves.