IoT devices with hard-coded passwords pose the greatest risk when implementing an IoT solution for supply chain management. Learn why default credentials are so dangerous.
Question
An organization is considering an Internet of Things (IoT) technology solution to manage its supply chain. Which of the following presents the GREATEST risk to the organization in this situation?
A. IoT devices with hard-coded passwords
B. Lack of physical hardening
C. Lack of regulatory guidance regarding IoT
D. Outdated out-of-the-box IoT firmware
Answer
A. IoT devices with hard-coded passwords
Explanation
IoT devices with hard-coded passwords present the greatest risk when an organization is considering an IoT solution to manage its supply chain. Hard-coded passwords are default credentials that are embedded into the firmware or software of IoT devices. These passwords are often weak, publicly known, and identical across all devices of a given model.
The key reasons why hard-coded passwords pose such a significant risk include:
- They allow malicious actors to easily gain unauthorized access to the devices and the sensitive data they collect and transmit. By using lists of known default passwords, attackers can rapidly compromise large numbers of IoT devices.
- Changing hard-coded passwords may be difficult or impossible since they are often part of the core programming. Even if the password can be changed, many organizations neglect to do so.
- Compromised devices can be used to disrupt operations, steal data, deploy ransomware, and launch further attacks on other systems. In a supply chain context, this could lead to production stoppages, inventory management issues, intellectual property theft, and more.
- The scale and automation of IoT device deployment mean that a single hard-coded password vulnerability could rapidly lead to a massive breach involving thousands of devices.
While the other options listed – lack of physical hardening, lack of IoT regulatory guidance, and outdated firmware – are also IoT security risks, hard-coded passwords are the most critical and widespread risk that undermines the basic security of the devices themselves. Addressing this vulnerability is essential for any IoT deployment.
ISACA CRISC certification exam practice question and answer (Q&A) dump, including multiple-choice questions (MCQ) and objective-type questions, with detailed explanations and references, available free to help you pass the ISACA CRISC exam and earn the ISACA CRISC certification.