Among the most significant cybersecurity threats this year comes via the Internet of Things (IoT), and they are increasingly becoming more sophisticated and targeted. Proactive cybersecurity is needed to address vulnerabilities in the growing connectivity of both the digital and physical ecosystems constituting IoT.

This term is typically used to describe hardware and gadgets that can be found, identified, addressed, read, and/or controlled online. As the digital and physical worlds merge, the result is the Internet of Things. This includes tangible items that can speak to each other, such a machine for a human and another machine for another machine. It encompasses wearables, automobiles, edge computers, security cameras, and household gadgets.

Now that any physical device can be connected to the Internet, giving it access to more processing power and analytical skills that make it “smart,” billions of physical objects are anticipated to join the global digital network in the years to come. For any country, this presents both opportunities and hazards for its governments, businesses, organizations, academic institutions, and citizens.

This year it is estimated there are more than 80 billion IoT devices connected, predicts research firm IDC. Furthermore, according to IDC, the number of devices with internet access—such as the computers, sensors, and cameras that make up the Internet of Things—continues to expand steadily. When 41.6 billion IoT devices, or “things,” are connected, 79.4 zettabytes of data will be generated, according to IDC. This includes the outputs from trillions of sensors.
IoT is all encompassing for both businesses and consumers. The industry verticals being affected by IoT are supply chain and retail, communications, healthcare and medical, building and construction (smart buildings), environmental waste management, water resources, industrial applications, energy (smart grid), transportation, and education (learning analytics).

A growing trend of vulnerabilities throughout the digital ecosystem is highlighted in Forescout’s fifth annual Riskiest Connected Devices of 2025 report. According to the research, the majority of devices with the most serious vulnerabilities are routers, according to the research, which shows a 15% increase in average device risk year over year. Retail was the industry with the most dangerous equipment on average, followed by manufacturing, financial services, government, and healthcare. The average device risk score increased to 8.98, up 15% from 7.73 in 2024, highlighting a growing threat landscape that impacts all sectors of the economy. Forescout’s 2025 report reveals surge in device vulnerabilities across IT, IoT, OT, and IoMT – Industrial Cyber

Cybersecurity and IoT

Due to the increasing attack surface caused by remote work and the interconnection of IOT devices, everyone is now a target. There are more than 20 billion connected devices in our world. For a hacker, each of those is an outlet. Within the next fifteen to twenty years, it will quadruple. There will be more gadgets than people on the earth, with each person owning three or four devices. Hackers easily exploit it. They decide how they want to enter.

Cybersecurity requires an understanding of the Internet of Things. With the embedded communication hardware, sensors, and CPUs these devices can be configured to gather, send, and process environmental data. They are connected through an Internet of Things gateway, often in The Cloud, which acts as a hub for data exchange.

IoT devices are diverse, and safeguarding such a broad target against intrusion is challenging, particularly in light of the multiplicity of device kinds and security requirements. The general assumption regarding security operations on these billions of IoT devices is that everything connected can be compromised. This is exacerbated by the reality that many IoT manufacturers put cost and ease of use ahead of security, which results in devices with out-of-date firmware, default passwords, and unpatched vulnerabilities.

The lack of visibility and the inability to identify whether a device has been compromised and is not operating as intended present a cybersecurity risk for the Internet of Things. The Internet of Things is seriously threatened by the growing endpoint integration and an unmanaged, quickly expanding attack surface. It can be difficult to see and safeguard the IoT devices that are connected.

With IoT assaults becoming more frequent, it is critical to recognize and comprehend the danger, particularly when considering the trends of remote offices and teleworking. Every IoT device is vulnerable to intrusions that could allow hackers to access your data. Please see my earlier FORBES article: Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things

Unique obstacles are also presented by IoT devices. Laptops and smartphones have more processing and storage capacities than the majority of IoT devices. It is challenging to use firewalls, antivirus programs, and other security tools that could assist protect them as a result. Additionally, by cleverly gathering local data, edge computing helps more experienced players focus on the hazards.

AI and IoT

Attackers are leveraging artificial intelligence (AI) to optimize phishing campaigns and evade detection. By automating phishing, brute-force attacks, and credential stuffing, AI increases the scalability of cyberattacks. The proliferation of insecure IoT devices has led to the proliferation of sophisticated AI-driven malware and targeted ransomware attacks.

Defending against AI threats is not an easy task but there are steps that can be taken. Machine learning-driven anomaly detection systems are a prime example of how artificial intelligence is transforming threat prevention in IoT contexts. These systems, for instance, can identify behaviors in network data that could indicate unauthorized access or harmful activities.

An appealing target for ransomware attacks is the Internet of Things. IoT devices have inherent vulnerabilities, especially IoT medical equipment used in the healthcare sector, and in transportation and manufacturing. The lack of data backup and recovery features in many IoT devices renders the attacks by ransomware problematic.

But because IoT networks are so diverse and complicated, advanced solutions tailored to specific attack vectors are needed. Static analysis is commonly employed in traditional cybersecurity methods, which might not be sufficient to combat rapidly evolving dynamic threats. Additionally, IoT already accounts for 30% of enterprise network endpoints. Experts caution that current attacks cannot be stopped by antiquated security models alone.

AI-aware protections, such as AI-assisted detection, should be incorporated into security teams’ plans to address new threats and attacker capabilities.

Botnet Threats to IoT

The supply chain is more vulnerable as a result of the Internet of Things (IoT). The Internet of Things’ exponential connection results in a constantly growing network and device mesh. The internet of things faces a serious threat from the growing endpoint integration and an unmanaged attack surface that is expanding quickly. Without human assistance, AI-powered IoT botnets are being designed to autonomously look for and take advantage of insecure IoT devices. Hackers can overload websites with traffic requests by botnets leveraging IoT endpoints, which results in site crashes.

The 2025 Imperva Bad Bot Report, a worldwide survey of automated bot traffic on the internet, was released by Thales. According to this year’s report, the 12th annual research study, generative artificial intelligence (AI) is transforming bot production and enabling less experienced players to launch more frequent and larger bot attacks. The report’s analysis shows that cybercriminals are targeting API endpoints that handle valuable data. Using these sophisticated bot attacks, malicious actors aiming to breach sensitive data are focusing especially on the financial services, healthcare, and e-commerce sectors. 2025 Bad Bot Report | Resource Library

High-performance enterprise servers and routers are now being added to low-power IoT botnets by hackers, increasing the scope and impact of their attacks, according to security firm NetScout. These campaigns are now more persistent, scalable, and accessible than ever thanks to the combination of AI-driven automation, proxy-based application-layer floods, and commercially available DDoS-for-hire services that come with reconnaissance and orchestration tools. NETSCOUT warns of AI-driven DDoS attacks, threatening critical infrastructure and amplifying cybersecurity risks – Industrial Cyber

Cyber-attacks on IoT are not new. Many botnet hacks have targeted the Internet of Things in the past decade. The massive and well-known Mirai botnet DDoS attack in 2016 is one example. The Mirai botnet, which started a distributed denial-of-service (DDoS) attack on Dyn, a domain name system provider for several well-known online platforms, was made up of hundreds of thousands of compromised IoT devices. By flooding a single server with millions of bytes of traffic, the DDoS attack forced the system to crash. Commonplace devices such as malware-infected webcams, digital routers, and video recorders were used to initiate some of the Dyn breaches, which used IoT devices.

In March 2021, Verkada, a cloud-based video surveillance service, was hacked. In addition to the confidential data of Verkada software clients, the attackers used authentic admin account credentials that could be available online to obtain live feeds from over 150,000 cameras installed in industries, hospitals, schools, jails, and other locations.

The 2018 GitHub software development site was the target of a massive botnet attack, one of the largest DDoS attacks ever recorded. Thousands of client webcams were viewed by more than 100 workers who were later discovered to have “super admin” access. This highlighted some of the dangers of having too many privileged users.4. . Because of that attack, the platform went offline. There have been a lot of other alarming high-profile IoT botnet attacks recently.

IoT and Risk Management

Businesses must take a proactive approach to IoT security in order to protect against IoT malware threats. Identifying and addressing the risks associated with the Internet of Things through a thorough risk management approach can significantly aid in closing security vulnerabilities. Understanding the IoT ecosystem, knowing how to best safeguard the most critical items, and successfully managing and removing security incidents and violations are all important components of risk management of IoT.

* Make use of a well-established framework for IoT Internet security that incorporates best practices and industry expertise, including those offered by NIST.
* Evaluate the security of every device (both internal and external) linked to your network.
* Create an incident response plan for responding to breaches.
* Reduce the number of IoT devices to minimize attack points.
* Include digital fence devices, containers, and security software in your network.
* Track, monitor, and disseminate threat intelligence, preferably enabled with AI
* Check all software for network and application vulnerabilities.
* Patch and update devices’ and networks’ vulnerabilities.
* Avoid adding devices with default passwords and other known vulnerabilities to your network.
* Strictly manage device and application controls privileged access with a Zero trust policy.
* Utilize biometrics and robust authentication to manage access.
When establishing a network connection, use device authentication.
Encrypt Internet of Things communications, particularly while sending data.
* Employ robust firewalls secure Wi-Fi, and protected routers.
* Make a backup of all your sensitive data.
* Provide all staff with safety awareness training.

Regulating IoT

Regulating IoT is a major challenge. IoT entails connecting numerous devices and storing a lot of data; therefore, a system failure could cause serious issues for sensitive data in computer networks and supply chains. Numerous legal and regulatory factors could consequently be involved. The growth of shadow IoT devices at the enterprise level and the lax implementation of security rules for IoT device makers present a serious risk to multinational corporations.

IoT’s lack of a unified manufacturing standard or security regulation is one of its main complaints. This leads to the delivery of items that are assembled after being made in various parts of the world and typically lack adequate protection. It is common for people to leave their gadgets’ default passwords unchanged.

Governments, businesses, and organizations have been debating the development of standards to safeguard IoT devices for a while. Establishing standards is challenging since manufacturers do not share many design components and data.

It’s important to know the hazards and how to reduce them. However, the rapid technological advancement and broad use of IoT devices present serious regulatory issues. Regulatory compliance is made more difficult by the global nature of IoT. The data collected by IoT devices may be processed and stored in multiple countries, and these devices frequently travel across national borders. A cautious approach that considers consumer protection, international coordination, privacy, and security is necessary for regulation. A concerted worldwide regulatory response is therefore required.

We are approaching unexplored digital ground as a society poised to achieve unprecedented exponential connection. We will undoubtedly face new dangers and unanticipated problems as the Internet of Things develops and grows. We must create functional standards, IoT security risk frameworks, and innovative solutions enabled by AI to prevent and repair cyberattacks in order to address the possible risks associated with IoT. In 2025, IoT security must be a pro-active necessity rather than just a priority.

Source link

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here