CYBERSECURITY AND THE INTERNET OF THINGS
The British semiconductor firm ARM estimates that one trillion IoT devices will be built between 2017 and 2035. According to a 2016 study released by Gartner, more than half of new workflows and processes implemented by businesses will include an IoT component by 2020. And that, unfortunately, will also increase the potential for security risks. Cybersecurity and the Internet of Things now go hand in hand.
The IoT provides more cyberattack possibilities every day
The rate at which the IoT introduces new opportunities for a cyberattack is higher than anything we’ve seen previously, and it’s accelerating. Therefore, the security challenges for all organizations are also accelerating.
If your business utilizes IoT devices connected to your organization’s internal network (which covers almost every kind of business-enhancing device these days), the responsibility lies with your IT team or your managed service provider to ensure that they are following best security practices.
Since the IoT brings all these devices together, network segmentation – typically a component of network management – plays an important role in IoT security. Segmentation ensures that certain IoT devices, such as routers and alarm systems, don’t negatively affect your business’s more traditional connected devices like mobile phones, printers and laptops.
Many organizations are beginning to institute employee policies stating that permission must be sought and acquired before connecting any unauthorized IoT device (such as a Fitbit) to a business network.
Cyberstalking and Botnets
Technically, it is possible for someone to hack an IoT device for the purposes of cybersurveillance. We’ve already heard stories about smart home devices being used to spy on users. While it is possible, it should not be a security priority because most cybercriminals have other, more lucrative efforts in mind.
Today, the risks to watch out for are hacked devices being used for other nefarious purposes, such as employing them as a botnet.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, or leveraged by cybercriminals to hide their identities and motives. Botnet attackers profit from causing denial of service to large numbers of hosts. Botnets are similar to – but should not be confused with – ransomware.
This is where most businesses should concentrate their security efforts. In late 2016, the internet was widely impacted by the Mirai botnet. Cybercriminals leveraged the fact that there are countless unprotected IoT devices within their reach. Botnets will become more prevalent as the IoT continues to ingrain itself into the business ecosystem.
There are ways to avoid becoming part of a botnet, and they all revolve around common-sense security measures.
Along with the previously mentioned network segmentation, controls like firewalls and network traffic monitoring should also be standard practice.
And don’t forget about changing device credentials – user IDs and especially passwords. Almost all IoT devices come with default credentials. Changing them is easy and should be done regularly, even at the slightest hint that something may be amiss.
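As an added illustration (not part of the original article), the following Python sketch audits a device inventory against two of the controls above: IoT devices belong in their own network segment, and default credentials must be replaced and then rotated. The subnet, the 180-day rotation window, the audit date and every inventory record are constructed assumptions.

```python
import ipaddress
from datetime import date

# Assumed network plan and policy (constructed for this example).
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
MAX_CREDENTIAL_AGE_DAYS = 180
AUDIT_DATE = date(2024, 6, 1)  # fixed so the result is reproducible

# Constructed inventory; in practice this would come from an asset database.
INVENTORY = [
    {"name": "lobby-camera", "kind": "iot", "ip": "10.20.0.15",
     "default_credentials": False, "credentials_changed": date(2024, 5, 1)},
    {"name": "alarm-panel", "kind": "iot", "ip": "10.10.0.77",
     "default_credentials": True, "credentials_changed": None},
    {"name": "hvac-controller", "kind": "iot", "ip": "10.20.0.31",
     "default_credentials": False, "credentials_changed": date(2023, 1, 10)},
    {"name": "finance-laptop", "kind": "traditional", "ip": "10.10.0.12",
     "default_credentials": False, "credentials_changed": date(2024, 4, 2)},
]

def audit_device(device, today):
    """Return the list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(device["ip"])
    if device["kind"] == "iot" and addr not in IOT_SEGMENT:
        findings.append("outside IoT segment")
    if device["kind"] != "iot" and addr in IOT_SEGMENT:
        findings.append("traditional device inside IoT segment")
    if device["default_credentials"]:
        findings.append("default credentials still set")
    else:
        changed = device["credentials_changed"]
        if changed is None or (today - changed).days > MAX_CREDENTIAL_AGE_DAYS:
            findings.append("credentials overdue for rotation")
    return findings

def audit_inventory(inventory, today):
    """Map device name to its findings, omitting devices with none."""
    report = {}
    for device in inventory:
        findings = audit_device(device, today)
        if findings:
            report[device["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, AUDIT_DATE).items():
        print(f"{name}: {', '.join(findings)}")
```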
Security needs to be part of the IoT product lifecycle
For businesses that develop IoT devices, or the services that support them, security should be a required component. Oftentimes, security is relegated to an afterthought behind other, flashier device features and not given the proper amount of consideration.
The usability and convenience of an IoT device always seem to override the developers’ – and users’ – security concerns. The E.U. has taken the lead in developing new IoT security rules, while the U.S. has been much slower at adopting security measures around IoT devices. As a result, expect security problems to get worse, not better.
In the meantime, it’s up to us to police ourselves. Before investing in new IoT devices for your business, research them as thoroughly as possible. See if there have been any security vulnerabilities reported. Once connected, install updates as soon as they are available to you. Although price points are often a consideration, remember the old adage that you get what you pay for.
The bottom line on IoT devices and cybersecurity is this – you need to ensure that you are doing everything possible to mitigate a potential IoT risk using all the controls available to you today. Once you connect a new device to the internet, cybercriminals will start looking for its vulnerabilities.