All too often, the public conversation about the Internet of Things (IoT) refers to consumer devices like connected home appliances, smart watches, and autonomous cars. However, the IoT originated in the business world long before consumers ever knew about it. Connected sensors and other devices have been helping organizations track data and monitor systems for years now, providing operational insights that create greater efficiency, improve processes and help inform business decisions.
With the explosion of connected devices, however, cybercriminals have focused their efforts on exploiting IoT devices – and enterprises are not exempt from these efforts. Businesses might not think about the cyber security settings of their photocopiers, yet 2016’s Mirai malware used hundreds of thousands of IoT devices to create a botnet that took down popular proxy server Dyn, and with it, nearly one-third of websites globally.
If history is any indication, this kind of attack is just the beginning of malicious IoT exploits.
Pandora’s IoT box has been opened, and hackers are looking to profit – or to make a statement.
The rapid and wide-scale adoption of connected sensors and IoT devices in manufacturing, healthcare, transportation and utility settings means that a broad swath of the global economy’s critical infrastructure is increasingly vulnerable to these attacks.
These developments leave enterprises wondering what it will take to keep their networks safe – and whether the IoT is worth it. As a result, many are holding off on implementing connected technologies. Forrester predicts that security concerns will choke the growth of IoT adoption in 2017.
Still, it would be unwise to ignore the IoT and its tremendous potential to provide competitive advantage via innovative solutions derived from data analytics. Choosing and deploying secure IoT solutions provides valuable new business insights and efficiencies while protecting your data and infrastructure assets.
Significant security implications
Purchasing IoT devices requires knowledge of the level of security that manufacturers have built into their products. While it is (relatively) easy to design and ship an IP camera, for instance, the ease with which one can be hacked from factory settings makes installing one an unacceptable risk factor to the network – and your enterprise.
IoT security has become so significant an issue that regulators have begun to take action to encourage best practices. In January 2017, the Federal Trade Commission (FTC) filed a complaint against router giant D-Link, charging that the company had deceived users about the security of its products and failed to take steps to secure those products appropriately. This case has become a bellwether because the complaint was brought in response to the vulnerabilities themselves, not because of a breach exploiting those vulnerabilities. This is a sign that regulators are taking a more aggressive stance in demanding that connected device manufacturers take clear and sufficient steps to secure their products.
Steps toward greater security
To build greater IoT security into your business, follow these initial steps:
- To find the right talent, clarify your terms: IoT means many things to many people. A job ad asking for an IoT professional may attract 10 people with 10 different backgrounds. Think instead about what your company does with connected devices and the specific skills it needs to manage and deploy those applications, systems, and devices securely. Looking for and training people with IoT certifications is a way to ensure a strong bench of those skills.
- Buy devices with unique credentials: Plugging in connected devices with factory settings is a security disaster waiting to happen. Require that each device has a unique password from the manufacturer, printed on a sticker that’s included on the device itself. This significantly reduces the chances of compromise.
- Consider open source carefully: Open source IoT software is an easy, cheap and flexible option. Yet security flaws can be exploited rapidly, and patches are often slow in coming. IT teams therefore should be aware of the risks in using technologies that are based on open source code.
- WiFi and beyond: WiFi certainly has its place, but there are additional options. For wide-scale installations in specialized vertical network environments, like manufacturing or healthcare, consider using one of the many specialized communications protocols that are available to your engineers. Do all functions need to be performed on the device or can some be punted back to the network? Minimizing the need for the device to perform all functions and be connected to all traffic all the time can also reduce its threat exposure.
Cybersecurity due diligence
The IoT holds tremendous appeal to enterprises – and to cybercriminals as well. Reputation and customer retention depend on a well-rounded cybersecurity strategy; no stone must be left unturned. Enterprises that fail to secure their devices may find themselves in regulatory hot water, as well. By implementing the steps above, you can begin the process of securing your network and the devices connected to it. They will help you maintain and expand your security posture while taking advantage of the IoT’s many benefits.