Categories
Cybersecurity Tech Magazine

Cybersecurity Risk of IoT: Securing Smart Devices at Home

The increasing prevalence of IoT devices in homes worldwide raises cybersecurity concerns, emphasizing the need for proper usage to safeguard homes and families.

Common IoT Devices and Associated Cybersecurity Risks


IoT devices such as smartwatches, distance-measuring sneakers, home automation applications, and more, while enhancing convenience, also pose security risks if not used cautiously. These connected devices are susceptible to hacking, potentially compromising personal information and, in the case of geolocation-enabled devices, even indicating when homes are vacant.

Reports suggest that 2024 will see a surge in cybersecurity risks and threats to IoT devices. Awareness of these risks is therefore crucial, and users need to secure their devices effectively.

The most common cybersecurity risks associated with IoT devices include personal data theft, knowledge of home habits, family geolocation access, fraudulent purchases, physical theft, identity theft, malware introduction, and illicit trading of personal data or images in underground markets.




Recommendations for Cyber Protection


To mitigate these risks, Mindquest's experts recommend the following cybersecurity measures for IoT devices on a global scale:

Create Separate Networks: Establish dedicated networks for IoT devices using intelligent routers that create virtual networks. This prevents potential infections from spreading between computers and IoT devices.

Strong, Unique Passwords: Implement robust and distinct passwords for each IoT device, with regular password changes to enhance security.

Disable UPnP Protocol: Turn off Universal Plug and Play (UPnP) to hinder devices from easily discovering each other.

Regular Updates: Install the latest updates promptly, as they often include crucial security patches to address vulnerabilities.

Download from Official Sources: Obtain mobile apps exclusively from official markets to reduce the risk of downloading compromised applications.

Prioritize Security Settings: Review and prioritize the security settings of IoT devices over other functionalities to enhance overall protection.

Turn Off When Not in Use: Disable IoT devices when not in use to minimize the exposure to potential security threats.

User Training in Cybersecurity: Provide users with training and awareness programs on cybersecurity, especially for those utilizing IoT devices.

Cybersecurity Challenges of Smartwatches


As an illustrative example, we at Mindquest highlighted cybersecurity concerns specific to smartwatches:

Lack of Cybersecurity Standards: Smartwatches, like other IoT devices, face challenges due to the absence of specific cybersecurity standards.

Sensitive Information Collection: Smartwatches gather extensive personalized information, including GPS location, application notifications, biometric and health data, training information, and payment transactions, making them susceptible to data breaches.

Vulnerabilities in Design and Connectivity: The design and connectivity of smartwatches pose vulnerabilities that can be exploited by attackers. Weak user passwords and outdated systems further compromise security.

Limitations on Antivirus Software: Some smartwatches do not support antivirus software, leaving them exposed to potential threats.

Lack of Two-Factor Authentication: Absence of two-factor authentication in certain smartwatch designs increases vulnerability, especially in payment transactions.

Automatic Pairing Risks: Automatic pairing with other devices poses risks, so this function should be disabled to prevent unintended connections with public or insecure Wi-Fi or Bluetooth networks.



Cybersecurity Careers Overview

When it comes to cybersecurity, one thing is certain: things only get more complex over time. Spurred by the global health crisis and the business world’s increasing reliance on IT systems, cybercrime is on the rise. At the same time, the industry is facing a rapidly widening talent gap that makes securing company networks and infrastructure doubly difficult. The leading cybersecurity professional organization, (ISC)², estimates that the global cybersecurity workforce needs to grow by 145% to meet the demand for skilled cybersec talent. The message is clear: it’s the perfect time to be a cybersecurity professional.

But it’s not always easy to identify the right career path in this ever-changing and all-encompassing area of IT. Here are a few guidelines to help you navigate the field. 

Three levels of roles  

All cybersecurity job titles fall within three levels or categories: entry-level, mid-level and advanced. Examples of the jobs available at each level of experience include:

  • Entry-level: System Engineer, System Administrator, Network Engineer, Security Specialist
  • Mid-level: Security Technician, Security Analyst, Incident Responder, IT Auditor, Cybersecurity Consultant, Penetration Tester
  • Advanced: Cybersecurity Manager, Cybersecurity Architect, Chief Information Security Officer (CISO)

Cybersecurity careers: how to get a job

Although the previous distinction seems obvious at first glance—most careers have the same three levels—it is important to note that these don’t necessarily imply a linear progression, especially when looking to access mid-level cybersecurity roles.  

That is due to the fact that a large proportion of security experts started out as experienced IT professionals with deep technical expertise, only moving into cybersecurity after mastering the ins and outs of networking, cloud and other core areas related to the security practice. 

While accessing the cybersecurity industry through an entry-level role is possible and quite common—companies like to hire recent tech graduates who can quickly learn the basics and adapt to their particular workplace culture—most cybersec professionals are more on the senior side.  

According to (ISC)², the average cybersec pro has worked for 9 years in IT roles, having spent 5 of those working on cybersecurity-related projects. 

Top skills for cybersec pros 

Since cybersecurity has many specialisation fields, there is no single set of skills that applies to all positions. Those interested in more technical tracks will have to gain full proficiency in the protocols, environments, devices and applications that are important for their specific niche.

Some of these technologies include: 

  • Operating systems & databases (Windows, Unix, Linux, SQL…) 
  • Programming (C, Python, shell, assembly languages…) 
  • Networking (configuration, TCP/IP, Proxy servers, firewall protection, VPNs…) 

Once that is covered, security pros tend to go on to focus on a particular field or family of technologies, including:

  • Cisco and Microsoft 
  • Cloud computing 
  • Wireless 
  • Database modelling 
  • Cryptography 

In addition, managerial roles will require the ability to plan and conduct training, write technical specifications, and evaluate risk and compliance with legal regulations.

Soft-skills are also critical for a successful career in cybersecurity. Team building and collaboration, a curious mind with a passion for solving puzzles, the business acumen to navigate corporate environments. All of these  

Cybersecurity careers: certify yourself 

Finally, as is often the case with technical careers, certifications are absolutely vital. There are several world-renowned organisations and companies offering certifications based on the area of focus:

  • CompTIA 
  • EC Council 
  • (ISC)² 
  • ISACA 
  • Cisco Systems 
  • Microsoft 

Besides validating your expertise within the industry and justifying, for instance, a career change into cybersecurity, certifications will often allow you to earn more money. 

According to (ISC)² estimates, the average salary for cybersecurity experts holding a security certification is €60,000, way more than that of those who don’t (about €7,000 on average).


The State of Cybersecurity in 2020

A surprising number of things can happen in a minute, especially when it comes to cyber threats and their consequences. Here is a quick overview.

Firstly, every 60 seconds, 375 attacks are unleashed upon the global community, costing the world economy $2.9 million. In other words, every single computer with an internet connection is targeted by malicious agents about 1.5 times per minute. A whopping 16,172 records are compromised.[1] Certainly not a promising picture if you are a business leader or oversee a company’s cybersecurity for a living.

As we celebrate cybersecurity awareness month to promote greater security and cyber hygiene, we would do well to keep in mind that every day should be cybersecurity awareness month. Therefore, we can all benefit from a deeper understanding of today’s most common threats and what we can do to protect our business systems from them.

Cybersecurity in 2020: the impact of the pandemic

The already complex world of enterprise security became even more intricate with the advent of COVID-19. The sudden shift to remote work has pushed company networks to the limit, opening a myriad of new potential points of entry for attackers to exploit. Additionally, the ensuing fear and confusion have given more leverage to attackers looking to deceive individual employees as a means to gain company-wide access. As they say: you are as strong as your weakest link. And hackers love that.


Social engineering, the act of tricking someone by using their natural tendencies and emotional reactions, has acquired a whole new dimension of sophistication and finesse. Phishing emails disguised as governmental safety announcements, fake HR memos encouraging you to get acquainted with the office’s new cafeteria policy. And that is just the start: two per cent of all COVID-related websites created in recent months contain malicious code. A seemingly small number until you realise there are billions of COVID-19 pages out there.[2]

Remote work is here to stay, and so are the advanced techniques that cybercriminals use. In fact, they will only get more refined in the months to come.    

A growing variety of cyber threats – Cybersecurity in 2020

In addition to the rising complexity of attacks, the sheer variety of techniques hackers use is a top concern for companies and cybersec professionals who are struggling to catch up with an ever-growing catalogue of threats. New forms of mobile malware alone, for instance, have grown 12% compared to last year. PowerShell-based malware, which leverages the Microsoft task automation and configuration management framework to carry out attacks without leaving any traces, grew by 1,902% over the same time period.[3]  


Targeting the cloud

Cloud has become the backbone of the modern enterprise, and hackers are targeting it accordingly. The rise in attacks is being particularly felt in those industries which depend the most on the cloud for productivity. For example, threats aimed at the transportation and logistics sector increased by 1,350% in the first quarter of the year. Education experienced a 1,114% rise in attacks, with governmental organisations, manufacturing and financial services following behind.[4]    




Most attacks are opportunistic in nature and involve the “spraying” of cloud accounts with stolen access credentials. The majority of access attempts came from either China, Iran or Russia.[5]
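
The pattern described above, one source trying many different accounts, can be spotted in sign-in logs. The following detection sketch is an added example, not part of the original article; the log format, field names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log (assumed format: timestamp, result, user, source IP).
# 203.0.113.7 tries four accounts in seconds; 198.51.100.20 is one user mistyping; 192.0.2.44 is hours apart.
SAMPLE_LOG = """\
2020-04-01T10:00:01Z FAIL user=alice src=203.0.113.7
2020-04-01T10:00:02Z FAIL user=bob src=203.0.113.7
2020-04-01T10:00:04Z FAIL user=carol src=203.0.113.7
2020-04-01T10:00:05Z FAIL user=dave src=203.0.113.7
2020-04-01T10:00:07Z OK user=erin src=203.0.113.7
2020-04-01T10:01:00Z FAIL user=alice src=198.51.100.20
2020-04-01T10:01:20Z FAIL user=alice src=198.51.100.20
2020-04-01T10:01:45Z OK user=alice src=198.51.100.20
2020-04-01T08:00:00Z FAIL user=alice src=192.0.2.44
2020-04-01T09:00:00Z FAIL user=bob src=192.0.2.44
2020-04-01T11:00:00Z FAIL user=carol src=192.0.2.44
2020-04-01T12:00:00Z FAIL user=dave src=192.0.2.44
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_spray(log_text, window_minutes=5, min_accounts=4):
    """Return {source: most distinct accounts failed in one window} for sources >= min_accounts."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # source -> failures still inside the sliding window
    worst = defaultdict(int)
    for ts, result, user, src in sorted(parse(l) for l in log_text.splitlines() if l.strip()):
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        worst[src] = max(worst[src], len({u for _, u in q}))
    return {src: n for src, n in worst.items() if n >= min_accounts}

def successes_from(log_text, sources):
    """Accounts that signed in successfully from a flagged source: reset these first."""
    events = (parse(l) for l in log_text.splitlines() if l.strip())
    return sorted({user for _, result, user, src in events if result == "OK" and src in sources})

if __name__ == "__main__":
    flagged = detect_spray(SAMPLE_LOG)
    print("flagged:", flagged, "reset first:", successes_from(SAMPLE_LOG, flagged))
```

Counting distinct accounts per source, rather than total failures, is what separates this pattern from a single user mistyping a password; the window and threshold need tuning to the organisation's normal sign-in traffic.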

Ransomware-as-a-service

While phishing and trojans are still behind most cyber attacks, ransomware continues to surge and is perhaps the most feared malware of them all. Its capacity to cripple an entire company’s operations in a matter of minutes, together with how difficult it can be to prevent these attacks in the first place, surely keeps many security specialists and IT managers awake at night. Also, threat actors are becoming increasingly sophisticated.

What started as attacks by individual hackers or small rogue groups has now evolved into full-fledged criminal organisations that operate under a ransomware-as-a-service approach. Some even have “customer service” helplines to guide victims through the process of paying the ransom.

These hacker groups have greatly benefited from COVID-19, taking advantage of the increase in cloud usage and telework. Half of the world’s organisations were hit by ransomware last year, with most successful ransomware attacks involving public cloud data. Data was successfully encrypted in 73% of attacks.[6]

Additionally, attackers are finding more and more weaknesses to exploit as remote workers and IT engineers increasingly use Remote Desktop Protocol (RDP) to access internal resources. The higher use of personal devices has also complicated the problem of shadow IT, multiplying the potential points of access and making it more challenging for security professionals to safeguard company networks.




[1] The 2020 Evil Internet Minute, RiskIQ, Inc. (2020)
[2] 2020 Threat Report, Webroot (2020)
[3] McAfee Labs COVID-19 Threats Report, McAfee (2020)
[4] McAfee Labs COVID-19 Threats Report, McAfee (2020)
[5] McAfee Labs COVID-19 Threats Report, McAfee (2020)
[6] The State of Ransomware 2020, Sophos (2020)