I recently read an interesting article in Forbes by Dr. Augustine Fou (see the link). Dr. Fou describes a number of the security issues which have affected a wide variety of IoT devices, Smartphones, Smart speakers and more.
As pointed out in this article, Dr. Fou highlights that many devices come with preinstalled software that has automatically got administrative access to devices, and these are engineering into the operating systems on many devices. Backdoors and security risks are frequently in place by default as a result.
This got me thinking about the number of clients that we have dealt with that have BYOD (Bring Your Own Device) policies in place, allowing staff members to utilise their own (untested and unaudited) devices without many additional controls. Clearly, if you have good business reasons to adopt BYOD, you should think about implementing a sensible security protocol alongside the policy to restrict the devices, software versions etc.
Combine this with the already widely understood exponential increase in attack surfaces which has been brought about by a large proportion of the corporate workforce working from during the pandemic, and the reasons to review your information security policies and technologies becomes clearer.
Perhaps I should be OK with all of that. Are you OK with that?