There’s little doubt that connected devices are the future. From security surveillance systems to the remote management and control of manufacturing equipment, the internet of things (IoT) presents a world of new opportunities to businesses of all types and sizes. At the same time, every new technology presents a new set of cybersecurity challenges that can leave businesses feeling hesitant to upgrade their systems. It’s time to think beyond weak passwords alone and start getting to grips with the real and increasing size and scope of the security threats out there.
New IoT Vulnerabilities Are on the Way
From smart door locks to internet-connected refrigerators, every new technological convenience comes with a new cybersecurity challenge. Among the most common vulnerabilities are insecure web interfaces and network devices, ineffective authentication regimes, lack of encryption, outdated and insecure firmware, and a whole raft of privacy concerns. The internet is fast becoming a global AI capable of seeing and hearing through connected sensors and thinking through data processing.
Some vulnerabilities concern only the consumer market, although there are plenty more that can and will affect businesses. For example, as internet connectivity becomes mainstream in vehicles, devices that monitor things like engine functions and locations reported by GPS could become vulnerable to hacking. If indeed autonomous vehicles ever surge in popularity, they’ll no doubt be even more exposed to potentially life-threatening vulnerabilities.
Another emerging risk concerns businesses that use IoT sensors for physically securing their premises by automatically locking doors and windows. To mitigate this, businesses will need to make sure that their physical security is at least as effective as it was before any IoT component is added.
IoT devices are and will continue to be the target of massive botnets designed to cause widespread disruption through distributed denial of service (DDoS) attacks. Last year, for example, the Mirai malware targeted consumer devices such as home routers and IP cameras. The malware was posted on underground internet forums, and it has undergone many modifications since then, as it has constantly evolved to exploit new devices.
How Can Businesses Counter the Threats?
The AT&T Cybersecurity Insights study recently revealed that 90% of organizations lack complete confidence in the security of their connected devices. What these studies demonstrate is that companies need to take a proactive and strategic approach toward cybersecurity if they want to be able to safely enjoy the benefits afforded by IoT.
As with any security strategy, countering IoT vulnerabilities starts with a thorough risk assessment that involves tracking and cataloguing all your connected devices, assessing the potential vulnerabilities affecting each one and determining how any data stored or transmitted can be safely isolated. Afterward, you’ll need to determine the steps necessary to secure both data and any connected devices and identify any regulatory or legal issues that might concern your infrastructure. Additionally, there are some basic requirements that any connected device in the workplace should meet:
- Every device should provide a means to update the firmware to address any vulnerabilities discovered after purchase. Ideally, this process should be automated.
- Every device should require the user to define a secure password rather than a weak and easily hackable one.
- Devices should not feature any ancillary functions that are not required to support its core role, since these may increase the number of potential attack vectors. In other words, let a toaster be a toaster.
- Device vendors should provide a high level of support, including access to reliable contact information, owner’s manuals, and updates, as well as an explanation of the product’s lifecycle.
Above all, IoT security needs to be approached pragmatically and with a long-term strategy in mind. The threat that connected devices presents is not going away, but neither is the need to adopt the latest technology to keep up with the competition.
Our team of technology specialists here at SpectrumWise understands that it’s not always easy to build an IT infrastructure that works for you. That’s why we provide expert diagnosis and recommendations for your existing network as well as a range of cloud services and other worry-free solutions. Call us today to find out how we can help.