Challenges Facing the Internet of Things
It’s easy to predict that IoT security issues could only get worse before they get better. After all, businesses are continuing to install more connected devices with default passwords and with no plans to update the firmware. These choices immediately create vulnerabilities to IoT-related cyberattacks.
Further, hackers will certainly use this growing pool of defenseless IoT devices to launch increasingly sophisticated ransomware and distributed denial of service (DDoS) attacks. Hackers are also moving to manipulate the functionality of compromised devices in new ways; threats can include unlocking smart homes for unlawful entry or taking control of smart thermostats to make facilities uninhabitable until ransoms are paid.
Increased Regulation of IoT Manufacturing
On the positive side, there is growing pressure on IoT device manufacturers to improve security features so their products aren’t “botnet-ready” by default. For example, legislation like the recently introduced US “IoT Cybersecurity Improvement Act of 2017” could apply the power of government procurement clout to influence IoT device security.
The modest goal of most regulatory pressure is to influence developers to make their devices patchable and to ship them with a stronger authentication process, including changeable passwords and no default password. Industry efforts like the OWASP Top 10 for IoT, as well as various IoT security “platforms,” may also help long-term.
Growing Dialogue About IoT Security Issues
Another “positive influence” is news coverage of IoT-driven cyberattacks, which is likely helping to raise awareness that IoT devices are actually little computers and IT needs to take steps to manage and secure them. But does knowing there’s a risk lead to policies and procedures to reduce risk?
A lot of companies are not yet up to speed on managing and securing IoT devices, according to recent reports. With little in the way of management software and scripting tools available, it can be a time-consuming, manual process to deploy IoT firmware updates to large numbers of IP cameras or a building full of smart lightbulbs—assuming patches are even available.
But while tools are not yet mature, IoT security spending is definitely trending up. Gartner projects spending of $1.5 billion in 2018, a 28% increase over 2017. Demand for tools and services to help with IoT device discovery, management and security assessment is clearly strong.
Tips for Your Business
What practical steps can your business take today to reduce risk from IoT devices? Start by ensuring that IT is involved in choosing devices (and in evaluating whether connectivity is essential in the first place). Limit device exposure to the public Internet, and segment your network to separate IoT systems from critical services. Patch your systems and educate your users.
Sounds simple, right? These basic steps will become easier as standards mature. Meanwhile, it’s up to you whether IoT security is getting better or worse… for your organization.
To talk over your IoT security plans, risks and concerns with an expert, contact Pivot Point Security:
For more information/food for thought:
- “The state of IoT security” on techbeacon.com
- Will you bother updating your Internet-connected toaster? How “smart devices” benefit manufacturers and marketers more than consumers.
- Thoughts on identity and access management for the IoT