The Internet of Things (IoT) has changed our lives and jobs. Everything works more seamlessly now, thanks to connected devices and systems; from personal devices to critical infrastructure components. This blog outlines what IoT security affects, and some of the things one can do to mitigate risk. This is followed by real-world examples and updates for 2025 on growing security risks and defense against them.
The Importance of IoT Security
The growing use of IoT devices is underscoring the importance of addressing IoT security issues. By 2025, there will be over seventeen billion IoT devices, and it is estimated that this will increase to twenty-nine billion by 2030 (Statista). As they are constantly capturing, sharing, and processing vast amounts of sensitive data, IoT devices are not just targets for spying and compromise, but they can also be used as points of entry for cybercriminals to engage in both direct spying on the data captured by the device (i.e., from a compromised smart doorbell) or to engage in botnet attacks. Although some devices are small (e.g., smart doorbells and smart thermostats), they are still targets for compromised and spying threats. Many IoT devices, specifically home smart devices, lack critical security features such as encryption, security through obscurity, two-factor authentication, and updates. The growth of IoT and its ongoing expansion are simply going to expose more vulnerable data. Let us look at a few sectors impacted by IoT security issues, and how they are dealing with it.
Healthcare Industry
The IoT is already a common tool in the healthcare industry for patient monitoring, diagnosis, and treatment; however, as more IoT-enabled medical devices are connected to hospital networks to improve care, an increased number of cybercriminals target them. In February 2025, 16.6 million patient documents were leaked from a Southeast Asian hospital network following a cyberattack.
The main risk is operational outages that allow unauthorized access to patient data, remote control of life-saving medical devices, and downtime for patient care. This can be mitigated by IOT medical device removal from hospital networks and connection with an isolated secure network, by ensuring firmware updates regularly, by following security guidelines OWASP and by having a cybersecurity plan for updates.
Retail Industry
The use of IoT solutions in retail is spreading fast for inventory control, management of smart devices, tracking customer behavior; but if not properly configured they expose the retail network to various cyber threats such as hacking payment infrastructure, violation of customer data or unauthorized access to freezers or even lighting systems controlled by IOT solutions. Retail sellers can address these risks using firewalls, updating IoT firmware, limiting access with ACLs (access control list), and encrypting communication using a protocol like TLS.
Manufacturing Industry
Industrial automation and optimization of processes are transforming manufacturing using IIOT, but outdated PLCs and gateways are still susceptible to cyberattacks. Hackers have been accused of altering arm limits on robots, compromising the Internet of Things (IoT) network of a German robotics factory, and resulting in production losses of over €6 million by 2024. OT infiltration detection systems, separation of the operation and IT networks, and remote access with multi-factor authentication and strong credentials can help manufacturers to secure their facilities.
Modern production is being completely transformed by the industrial automation revolution and the rise of the Industrial Internet of Things (IIoT). Cyberattacks can easily target many facilities since they are using outdated PLCs and unprotected gateways. In late January 2025, Unimicron Technology, a well-known brand in printed circuit board (PCB) manufacture, experienced a noteworthy occurrence when its Chinese subsidiary, Unimicron Technology (Shenzhen) Corp., was attacked by ransomware. The business launched a forensic investigation and immediately notified the Taiwan Stock Exchange of the incident. In addition to claiming that they stole approximately 377 GB of confidential information, some of which was posted online, the Sarcoma ransomware organization claimed responsibility for the attack and threatened complete disclosure if their ransom demands were not met. This event shows how important it is for manufacturers to implement reliable OT infiltration detection measures, enforce strict separation between operational and IT networks, and secure remote access with multi-factor authentication and strong credentials.
Source: https://www.msspalert.com/brief/unimicron-purportedly-subjected-to-sarcoma-ransomware-attack
Automotive Industry
Modern cars incorporate many Internet of Things (IoT) modules to provide entertainment, safety, navigation, and diagnostics features that improve the user experience but have raised severe security issues. In late 2024, ethical hackers found flaws in telematics APIs from several automakers that would enable them to remotely start engines, unlock doors, and track locations, with potential outcomes such as vehicle hijacking, illegal access, and tracking of driver location. Automakers must be able to use cryptographic techniques to verify firmware integrity, implement encrypted OTA firmware updates, and establish strong API authentication.
Consumer Electronics
Common household appliances such as voice assistants, TVs, and cameras are examples of smart home devices for which convenience and control have made them common place in the home. They can also be deployed to launch cyberattacks or compromise user privacy. For example, in March 2025 researchers identified a variant of the Mirai botnet that infected smart thermostats. It was later employed to launch a 1.5 Tbps DDoS attack on Asian banking systems. Threats include the use of compromised devices for large-scale attacks and loss of personal privacy. According to Kaspersky, in 2024, more than 1.7 billion cyberattacks on IoT devices were detected, with over 850,000 attacks launched worldwide; the UAE reported 45,708 IoT attacks (a 54% increase from the year before). This can be avoided by changing default passwords, turning on automatic software updates, and buying products from companies that have clear security policies and enforce them.
Agricultural Industry
As precision farming is evolving, soil moisture sensors, autonomous tractors, and smart irrigation systems have become more common in farming, and due to that Internet of Things (IoT) security challenges are also emerging. In 2024, the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) reported over 200 ransomware incidents targeting farms. The Belgian brewery Duvel Moortgat temporarily closed multiple locations due to a ransomware attack. One farmer in Switzerland lost control of his milking robot and it resulted in the death of a pregnant cow. To protect agricultural IoT systems, a farmer needs to manage physically securing the devices placed in the field, encrypt data sent over the air, and ensure remote access is used with strong credentials.
IOT Safety Improvement
Securing IoT devices means combining industry standards, advances in technology and best practices. This includes updating security patches, segmenting IoT networks to limit the effect of threats, using multi-factor authentication and strong passwords (preferably strong configured secure settings, not factory defaults), a layered security method that considers risks associated with all available attack vectors, requesting Software Bill of Materials (SBOMs) from vendors, enforcing encrypted communications with protocols such as TLS 1.3, and giving each connected device a unique identifier.
Conclusion
Although the Internet of Things (IoT) is operating across multiple industries, failing to take security into account can lead to significant risks. Cyber threats will only become more sophisticated in 2025, making it more important than ever to implement IoT security at the source. Whether in a hospital or a factory, the need for greater security is pressing and clear.
At eInfochips, our end-to-end security solutions are designed to prevent breaches and protect data throughout its lifecycle, from development through deployment. We provide comprehensive security services that enable trusted service provider (TSP) technologies like security systems, smart cameras, and other connected home experiences. In addition to securing products, we also help clients meet and maintain compliance with key global standards and regulations, including IEC 62443, FDA guidelines, HIPAA, GDPR, ISO 81001, IEC 60601, ISO 14971, and ISO 13485. Whatever the case, whether one is developing a healthcare device, an industrial system, or a consumer product, our expertise ensures secure and compliant solutions.
