Protecting your IoT devices from cybersecurity attacks
The Internet of Things (IoT) generates granular operating environment data enabling automation and insight unimaginable just a few years ago. The IoT Cybersecurity Alliance predicts that more than 30 billion connected devices will be in operation by the end of 2020 and IDC forecasts global IoT spending will total nearly $1.4 trillion by 2021. While the economic opportunities are substantial, there are corresponding information security and privacy considerations that require attention. The five industry verticals with both high adoption and dependency on IoT and critical cybersecurity risk management considerations include:
- Healthcare/Life Sciences
- Smart Home/Consumer
- Infrastructure /Smart Cities
- Transportation/Urban Mobility
- Industrial IoT (IIoT)/Industry4.0
According to IDC, the biggest challenge for IoT deployment is cybersecurity. Gartner predicts that by the year 2020, over 25% of enterprise attacks will involve IoT. Until recently, the only goal for IoT was low cost and functionality, and IoT devices rarely address security. Essential functions such as the ability to upgrade the OS/firmware, manage configurations, and monitor device availability and health are not present. Moreover, IoT devices regularly utilize cheap processors that lack the power and memory for any real security monitoring. The ubiquity and the vulnerability of IoT, across industries, vastly increases the attack surface.
There is no single solution to address the IoT vulnerabilities, but include:
- IoT devices designed, manufactured and utilized with security capabilities embedded otherwise known SecDevOps (The process of integrating secure development best practices and methodologies into development and deployment processes). For example, these emerging IoT devices allow for upgrades as new vulnerabilities and capabilities emerge
- Access control mechanisms and strong user authentication that can help to ensure that only authorized users can gain access to the IoT framework. At a minimum, change the default passwords on IoT devices.
- Assess the viability to retrofit IoT network with security overlay technologies which provide management capabilities to IoT devices that are not otherwise manageable
- Review the feasibility, from both a business and technical perspective, to leverage technology to segment IoT devices from the IT network
- Penetration Testing – Leverage white hat hackers to continuously test your system for existing and emerging vulnerabilities
Set the right example by sharing threat information with others in your industry who use similar IoT devices and encouraging others to reciprocate
As IoT grows, the network effect makes the automated processes and the generated data more valuable and mission-critical. As the value increases, IoT devices become more attractive and susceptible to cyberattacks. Awareness of this threat and proactive planning will mitigate these threats with minimal financial and opportunity costs.