Because IoT security is still an afterthought, cybercriminals generally consider smart devices “low-hanging fruit”: targets that are easy to compromise and manipulate.
Security (and privacy) by design is key for IoT, and probably the only effective way for a smart gadget to protect its communications is to encrypt them. Unfortunately, it is still not easy to reconcile convenience with security on low-resource devices. For that reason alone, many IoT products ship with ineffective encryption for communications and stored data, or with none at all.
According to a 2020 report by a threat intelligence team called Unit 42, 98% of the 1.2 million IoT devices on corporate networks they analyzed had no capability to encrypt traffic. As a result, 57% of these IoT devices were susceptible to traffic interception and manipulation, among other things. The same report further showed that mixing IoT and IT assets on a VLAN may be dangerous, as compromised employee IoT devices could spread malware onto corporate networks.
“Designing a device that is easy