A vulnerability is a flaw or weakness in an asset’s design, implementation, or operation and management that could be exploited by a threat.
A threat is a potential for a threat agent to exploit a vulnerability.
A risk is the potential for loss when the threat happens.
Vulnerability x Threat = Risk
IoT Architecture
Risks of IoT Devices
- Cyber criminals can access your heating and lighting system to find out if you are away from home.
- Espionage: Hackers can opt to carry out a campaign where the end goal is the prolonged monitoring or surveillance of a home.
- Access your password or even your bank account through the information you shared with a digital assistant like Alexa and Google Assistant.
- Break-in: The hackers can monitor residents using IP cameras installed in the house.
- Use your devices as bots to deliver computing power for DDoS attacks, click fraud, password cracking, or to send out spam or mine cryptocurrency.
- Get into your network through an IoT device and launch a ransomware attack, making your IoT smart home unusable unless you pay.
Risks of IoT Devices
Amazon explained to ZDNet how it all happened:
"Echo woke up due to a word in background conversation sounding like 'Alexa,'" the company said in a statement. "Then, the subsequent conversation was heard as a 'send message' request. At which point, Alexa said out loud 'To whom?' At which point, the background conversation was interpreted as a name in the customer's contact list. Alexa then asked out loud, '[contact name], right?' Alexa then interpreted background conversation as 'right'. As unlikely as this string of events is, we are evaluating options to make this case even less likely."
Apply the CIA Triad to Internet of Things Product Design and Security
ELEMENTS OF THE AUGMENTED CIA TRIAD
[Diagram: two groups of labels]
- Constant connectivity
- Data sharing of the devices
- Efficiency
- Convenience
[Second group]
- Including poor data protection
- Poor password protection
- Unpatched devices
- Poor IoT device management
- IoT skill gaps
IoT-related cybercrimes
- IoT Botnets and DDoS Attacks
- Ransomware Attacks
- Supply Chain Attacks
- IoT Device Manipulation
- Phishing and Social Engineering
- Data Theft and Privacy Breaches
- Unauthorized Access and Control
- Credential Theft
- Surveillance and Espionage
- IoT-Enabled Vehicle Hacking
IoT Cyber Risks
- Weak Authentication and Authorization: Many IoT devices have weak or default usernames and passwords, making them vulnerable to brute force attacks. Additionally, they may lack robust authorization mechanisms, allowing unauthorized access to sensitive data or control over the device.
- Lack of Encryption: IoT devices often transmit data over networks without proper encryption, leaving data vulnerable to interception and tampering. This is especially concerning when dealing with personal or sensitive information.
- Firmware and Software Vulnerabilities: Manufacturers may not provide regular updates and patches for IoT devices, leaving them exposed to known vulnerabilities. Hackers can exploit these vulnerabilities to gain access to devices or compromise their functionality.
- Inadequate Device Management: Managing and securing a large number of IoT devices can be challenging. Organizations may not have effective processes in place for monitoring and updating devices, leading to security gaps.
- Data Privacy Concerns: IoT devices collect vast amounts of data, often without users' explicit consent or knowledge. This data can be mishandled, leading to privacy breaches and potential misuse.
IoT cyber risks
- Physical Security: IoT devices deployed in physical environments may be physically accessible to attackers. Tampering with or stealing these devices can compromise security.
- DDoS Attacks: IoT devices can be hijacked and used as part of botnets to launch Distributed Denial of Service (DDoS) attacks on other systems or networks.
- Interoperability Issues: IoT devices from different manufacturers may not always work seamlessly together, potentially leading to security vulnerabilities when attempting to integrate them into a larger IoT ecosystem.
- Supply Chain Risks: Compromised or counterfeit IoT components during the manufacturing and distribution process can introduce vulnerabilities into devices before they even reach the end user.
- Legacy Devices: Older IoT devices may lack modern security features and cannot be easily updated or replaced, leaving them susceptible to attacks.
IoT cyber risks Mitigation
- Change default passwords and usernames on IoT devices.
- Regularly update device firmware and software.
- Educate users and employees about IoT security best practices.
- Implement strong encryption and authentication mechanisms.
- Establish and enforce IoT security policies.
- Segment IoT devices from critical networks when possible.
- Monitor network traffic for unusual activity.
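Added example (not part of the original slides): a small inventory audit that checks four of the mitigations above for each device: default credentials, firmware age, encrypted transport, and segmentation from critical networks. The device records, field names, credential list, subnets and the 365-day threshold are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample inventory; devices and field names are hypothetical.
INVENTORY = [
    {"name": "ip-camera", "ip": "192.168.1.40", "username": "admin",
     "password": "admin", "firmware_date": date(2021, 3, 1), "transport": "http"},
    {"name": "thermostat", "ip": "192.168.50.12", "username": "home-ops",
     "password": "T7#qv!92mLx", "firmware_date": date(2024, 11, 5), "transport": "https"},
    {"name": "smart-plug", "ip": "192.168.50.20", "username": "root",
     "password": "12345", "firmware_date": date(2024, 9, 1), "transport": "mqtts"},
]

# Assumed policy values for this example.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "12345"), ("admin", "password")}
CRITICAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]  # e.g. laptops, NAS
ENCRYPTED_TRANSPORTS = {"https", "mqtts", "coaps"}
MAX_FIRMWARE_AGE_DAYS = 365
AUDIT_DATE = date(2025, 1, 15)  # fixed so the result is reproducible


def audit_device(device, today):
    """Return the list of mitigation checks this device fails."""
    findings = []
    # Mitigation: change default passwords and usernames.
    if (device["username"], device["password"]) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    # Mitigation: regularly update device firmware and software.
    if (today - device["firmware_date"]).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("stale-firmware")
    # Mitigation: implement strong encryption.
    if device["transport"] not in ENCRYPTED_TRANSPORTS:
        findings.append("unencrypted-transport")
    # Mitigation: segment IoT devices from critical networks.
    addr = ipaddress.ip_address(device["ip"])
    if any(addr in net for net in CRITICAL_NETWORKS):
        findings.append("not-segmented")
    return findings


def audit_inventory(inventory, today):
    """Map each device name to its failed checks (empty list means compliant)."""
    return {d["name"]: audit_device(d, today) for d in inventory}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, AUDIT_DATE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```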
Follow CyberDost on social media
- Get the latest Cyber Safety Tips
- Learn about various types of Scam Alerts
- Get updates on National and International Cyber news
- Learn about the achievements in the attempt to make the nation cyber safe
- Become a Cyber Volunteer and share the CyberDost content with your community
- Do your bit to stay vigilant and stay cyber safe!