#NCSAM: Organizations at Higher Risk of Cyber-Attacks Due to IoT Expansion
Organizations are at much higher risk of cyber-attack due to the expansion of IoT devices in their networks over the past year, according to new research by Palo Alto Networks' threat intelligence arm, Unit 42.
The analysis, which looked at the multi-layer threats and weakness impacting current IoT supply chain ecosystems, has been published during National Cybersecurity Awareness Month, which is this year focusing on the role individual users can play in enhancing the security of IoT devices.
The researchers firstly highlighted a recent survey showing that 89% of organizations had seen an increase in the number of IoT devices on their network over the last year, significantly expanding the attack surface area.
They highlighted that supply chain attacks in IoT can both come in two forms: from software installed in a certain device that has been compromised to hide malware, and from a piece of hardware implanted or modified to change a device’s behavior. They added that supply chain vulnerabilities, in which third-party software with vulnerabilities is installed or is part of certain components, such as an app or firmware, should also be considered.
A common malpractice was the incorporation of third-party and hardware components without listing the components that had been added to the device, according to the research. This makes it difficult to know how many products from the same vendor are affected when a vulnerability is discovered on one of these components.
In addition, the authors said that it is hard for users to be aware of which components ar ..