Oct 17 — The US Federal Bureau of Investigation (FBI) recently issued an industry notification pertaining to unpatched and outdated devices, warning the public that cyber criminals are continuing to target internet-connected devices in order to leverage device weaknesses for nefarious gains.
IoT devices are known to retain many vulnerabilities. The number of vulnerabilities within medical devices is particularly concerning, as many operate on outdated software and were built without adequate security features.
FBI documentation states that “these vulnerabilities negatively impact organizations’ operational functions, overall safety, data confidentiality, and data integrity.”
Is there a real threat to businesses?
The short answer is yes. Every IoT device that connects to the network through the internet increases the cyber attack surface. Securing IoT vulnerabilities is not a simple task. Here are a few reasons why this technology poses a greater-than-average security risk:
- IoT devices were not designed with security in mind and often aren’t managed with security in mind (they’re usually unattended and unmanaged).
- Up to half of connected devices, like ultrasound and MRI machines, run on legacy operating systems that are no longer supported or maintained—meaning zero security support or patches are available.
- There’s no certification and standardization for cyber security in medical devices – which is ironic considering that medical device safety is one of the strictest areas of regulation globally.
- There is a chaotic assortment and dispersion of devices across the organization, making it almost impossible to manually identify and map every single device to try and monitor its communication destinations.
- IoT devices lack standardized interfaces and controls, so it’s also very difficult to create a uniform security policy, upgrade software, or even implement strong passwords without a solution specifically designed for IoT security.
A cyber criminal exploiting these vulnerabilities can have a huge impact, both in financial loss and in the safety of employees, customers, patients, etc.