We’re sure you’ve heard the term “Internet of Things” (IoT) by now. From your home to your business, you probably have hundreds, if not thousands, of Internet-connected devices. While IoT helps us live and work more efficiently, it also presents a far bigger security risk than many of us realize.
IoT promises to make our lives more connected than ever before. It’s a world where all of our devices, from your thermostat to your fridge, connect to the internet, and data is collected about you and your daily habits. This collection and analysis of data promises a range of positive possibilities for your life, but there is a darker side to it. Before we can look towards the positive impacts, we have to consider the negative and potentially serious security and privacy threats surrounding the world of IoT.
While exciting and convenient, it’s obvious that IoT devices aren’t always designed with security top of mind. This lack of emphasis on security explains what happened to Dyn in October 2016, and it also explains why 96% of security professionals expect an increase in IoT breaches in 2017.
As we become more acquainted with the IoT, we’re also exposed to a new set of security risks and challenges. IoT devices, platforms and operating systems will require new security technologies that will protect them and their users against both information and physical security attacks. As mentioned in this excellent article by Ahmed Banafa, “new security technologies will be required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating ‘things’ or denial-of-sleep attacks that drain batteries, to denial-of-service attack.”
Beyond that, IoT is still so new that many of the “things” rely on simple processors and operating systems that do not support or facilitate new and sophisticated security measures. This is also an entirely new landscape, so experienced IoT security specialists have not yet emerged.
So, how do we make sure that we can enjoy the great benefits of IoT without worrying about data loss and privacy breaches? Chiefly, businesses must realize that mitigating and limiting security risks goes beyond just protecting the devices themselves. As part of a larger, more active IoT security strategy, one must first establish guidelines for how Internet-connected devices and platforms are used within the systems they operate in.
Consider IoT security not just one piece of the puzzle, but so integral to your overall technology ecosystem that it can’t be ignored. While broad, this point of view will help you create a necessary shift in thinking for your company and your team, one that will help them understand the growing importance of cyber and IoT security.
To aid in that shift, here are 4 main areas where you can focus your attention immediately:
It starts at the top, and the leadership team must prioritize IoT security. According to Gartner, “By 2020, IT-sponsored information security programs will suffer three times as many significant breaches as those sponsored by business leaders.” Having those at the top care about this important subject can help you avoid a disaster.
IoT is bigger than it seems, and not only a “security” issue, but a business issue. If you allow your devices to go unprotected, you could be compromising precious employee and company data – and ultimately compromising your business as a whole. Leaders must take on the mantle of IoT security champions to expedite this way of thinking.
Once you’ve established buy-in at the top, make sure to include roles and responsibilities for everyone on your team. A strong IoT security policy will illustrate everyone’s role and all the potential risks and precautions that are instrumental in protecting your company. And don’t forget – once created, your policy should be seen as a living document. Keep updating and adding to it as changes happen, otherwise you’ll be left behind.
Keep it simple by deciding what devices you absolutely need. Paring down the list of devices you and your staff use will help you understand your entire tech and security stack. Zero in on the devices that are must-haves and understand both the benefits and the risks of each of them. These include devices that are used off-premises, such as cell phones and work laptops. Technology, big or small, leaves your network open for attack when it is connected to the internet. Even your printer can be mobilized against you when your employees send data via wireless connections.
Beyond just managing your devices, understand who has access to each of your tools and technology. By managing third-party access, you will limit the risk that these parties bring as well. When you employ outside help, you may often allow them to access pertinent and precious data, so ensure that you document who has which credentials and have a policy in place in case of a breach.
By creating discrete networks throughout your company, you will be able to mitigate potential weaknesses in your overall security. These networks can have restricted and limited access and can be provided to guests and business partners.
From a recent Forrester report: “It’s imperative for today’s digital businesses to balance the business benefits that IoT-connected products can deliver with the recognition that these same devices have become an attractive attack plane for hackers and cybercriminals seeking to cause disruption and exfiltrate sensitive data.”
As we travel deeper and deeper into the Internet of Things, we can expect increased government regulation and an overall increase in awareness from consumers and investments in IoT security. Ultimately, it’s not about creating a culture of fear; it’s about building a proactive culture where everyone understands the risks and has measures to protect them against potential threats.