Why Manually Updating IoT Firmware is >10X Harder Than IT Firmware

by John Gallagher | Mar 22, 2021 2:50:38 PM

A recent quote from cyber expert Chris Roberts highlights the immediate threat from unpatched and unsecured IoT devices: “we’ve often used (IoT) systems as pivots into the corporate environments because we again see where too often the physical and digital security folks are not talking in an efficient way.”

Because hackers view unmanaged and IoT devices as easy prey, it is no surprise that the fastest growing cyber threat to organizations is the number of unsecured, distributed, and unmanaged devices. According to Forrester Research, security incidents involving IoT devices have already impacted 67% of organizations, and hackers are increasing the volume of attacks against such devices. Since 2019 there have been more vulnerabilities targeting unmanaged and IoT devices than IT systems, with forecasts showing over 70% of vulnerabilities in 2025 focused on them. And breaching IoT devices can directly lead to a breach of the overall corporate network.

In short, the threat is large and growing, and organizations need to take urgent action. What’s holding them back?

One reason is the lack of scalable, easy-to-deploy solutions to remediate device vulnerabilities. Securing unmanaged and IoT devices differs significantly from patching firmware on traditional IT systems. Some of those differences include:

  • Lack of corporate governance policies on securing devices
  • Vendor-specific methods of distributing firmware
  • Limited verification to ensure “trustworthiness” of firmware
  • Firmware update requires coordination with multiple systems (e.g. application, network, devices)
  • No central console across multiple systems; each device type has a separate update mechanism
  • Limited controls to start/stop/revoke updates
  • No audit trail of operations, who performed them, and when

These differences are not limited to firmware updates. Similar issues impact managing device-level certificates (TLS or 802.1x), password management, and operational information needed for compliance and audit. All three (firmware, certificates, and passwords) must be managed at the device level to address cyber vulnerabilities. But compared to IT systems, there are vastly more unmanaged and IoT devices (>5X currently, expected to be >10X in 2025). Manual methods simply won’t work to keep unmanaged and IoT devices secured and operating as they should.

Viakoo is the leader in agentless and automated cyber hygiene for unmanaged and IoT devices; we’ve solved the most difficult part of automating cyber hygiene, which is the “last mile” problem of being able to work with the device to trigger updates and management of the device. As a well-proven solution (>750 million hours of real-world use) we’ve gained experience across multiple industries and types of devices. If you have the threat of a growing attack surface from unmanaged and IoT devices, and thought that manual methods were your only choice, we’d encourage you to sign up for a demo and see for yourself that an automated and proven solution is available to dramatically reduce risk. Sign up today at: https://www.viakoo.com/request-a-demo
