#5.

Poor IoT device management

A study published in July 2020 analyzed over 5 million IoT, IoMT (Internet
of Medical Things), and unmanaged connected devices in healthcare, retail,
manufacturing, and life sciences.
It reveals an astonishing number of vulnerabilities and risks across a
stunningly diverse set of connected objects.
They include shadow IoT (devices in active use without IT's knowledge),
compliance violations, and US Food and Drug Administration recalled
(defective and risky) medical devices. 
The report brings to light disturbing facts and trends:
 Up to 15% of devices were unknown or unauthorized.
 5 to 19% were using unsupported legacy operating systems.
 49% of IT teams were guessing or had tinkered with their existing IT
solutions to get visibility.
 51% of them were unaware of what types of smart objects were active in
their network.
 75% of deployments had VLAN violations
 86% of healthcare deployments included more than ten FDA recalled
devices.
 95% of healthcare networks integrated Amazon Alexa and Echo devices
alongside hospital surveillance equipment.
Needless to say, that having smart speakers connected to a hospital network
violates privacy requirements as attackers can eavesdrop or record
conversations.
But wait - there's more.
Magnetic Resonance Imaging and Computed Tomography machines were
discovered running social media platforms. 
 On one site, a Tesla was even connected to the hospital network.
These hazardous connections are putting organizations at risk.
Ransomware gangs specifically target healthcare more than any other domain
in the United States. It's now, by far, the #1 healthcare breach root cause in
the country.
 According to Health IT and security, ransomware attacks on healthcare
providers rose by 350% in Q4 2019, and 560 healthcare providers fell
victim to ransomware in 2020.
 A Checkpoint Research paper published at the end of 2020 showed that the
average number of daily ransomware attacks increased by 50% in Q3 than
in H1 2020.
Think about it for a moment.
The mix of old legacy systems and connected devices like patient monitors,
ventilators, infusion pumps, lights, and thermostats with very poor security
features are sometimes especially prone to attacks. 
So, these criminals understand that stopping critical applications and holding
patient data can put lives at risk and that these organizations are more likely
to pay a ransom.
The outcomes of recent ransomware attacks included:
 disruption of operations, 
 compromised customer data and safety, 
 loss of information, financial losses, 
 reputational damage.
Here's the good news.
These vulnerabilities and IoT security threats can be radically reduced by
implementing IoT device management platforms. 
They provide class-leading lifecycle management capabilities to deploy,
monitor, maintain, manage and update IoT devices.
They respond to end-to-end solution needs from customers and the essential
security challenges tackled with device management. 
They deliver a single view of all devices that helps enabled unified security
and unified client abstraction for fragmented device profiles. 
These types of platform functions can, for example, help improve asset
provisioning, firmware upgrades, security patching, alert, and report on
specific metrics associated with IoT assets.
The combination of such intelligence data can prove very effective in
detecting harmful threats and finding solutions.
But who's going to manage IoT for your business?