Is There a Way to Secure IoT Devices?
by Mark Grayson
Coupling IoT devices safely and securely is currently a big challenge for business leaders around the world. Some of the simplest devices are poorly secured e.g. baby monitors to cameras, even e-cigarettes. These are not regularly updated with firmware according to Ofer Amitai, the co-founder and CEO of Portnox.
The Technology industry and the media have exposed IoT vulnerabilities countless times. This has made a way for an abundance of distributed denial service (DDoS) attacks. Hackers coordinate to access multiple devices from a malicious botnet. Unfortunately, over time this threat is only going to increase.
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. It has reviewed its current thoughts on IoT and is updating their projection from 30 billion devices to 200 billion devices by 2020 – the amount of connected devices into the network. So the security issue needs to be taken very seriously now.
How can a Business Secure its IoT devices?
Amitai’s first piece of advice is to ensure that you know all about the devices and how they connect to the network. Secondly, carefully manage and make an informed decision about the risks to the business and the individual. Around the clock monitoring and adjusting security settings to manage the risk is critical. A log should be kept of what services are on what IoT device.
Managing the business network infrastructure is also key. Make sure a separate part of the network is used to connect to the IoT devices so that the Head of IT can monitor the behaviour of the device and can be alerted to any strange behaviour patterns. Finally, if strange behaviour patterns are happening, these alerts should then have actions attached automatically to help stem these attacks quickly and efficiently.
No one said it would be easy, but it is of vital importance that organisations begin following the advice of security vendors like Portnox. Weak IoT security will leave businesses vulnerable to external intrusion. It is vital they know what internet-connected devices are connected to the network in order to manage the risks they pose.
For example, unsecured IoT devices can cause “IP conflict or some devices can issue the NCP requests or replies and cause network issues on your network,” explains Amitai. “But also security threats, direct security threats where those devices can act like a Trojan to your network. Or, someone can hijack that device and then either violate your privacy or cause some denial or service for your crown jewels for your organisation.”
IoT devices are becoming more and more a part of our everyday lives. Though they are not fundamental to how business and the world operates as yet, their influence is increasing in both the public and the private realm. The IoT is just part of the movement that gives us freedom of where we work and how we work. It might also be said that that it can enhance the productivity of an individual and/or team.
A caveat, as Amitai says, is:
“With that comes the risk of working from unsecured environments, from places that are much more exposed to risk. Having an endpoint without a firewall, without an anti-malware, without a protection against ransomware, which is not running the latest patches in such unsecure places as those shared workspaces can be a huge threat to organisations. You need to control that risk, and put a line in the sand of where you want to better put the emphasis on whether you allow people to connect to your VPN, for example, without an anti-virus or not. And that’s I think one of the challenges of this new workspace, this new space to work in this dynamic Bring your Own Device BYOD environment.”
To conclude, Amitai suggests that governments around the world need to take more action when it comes to security.
“What I think we are missing as an industry, or as a society is that this problem of digital crime – which is on the rise – is not just for us as security vendors to solve. We’re happy and we’re committed to help organisations protect themselves against crime, but this is essentially the job of governments as well. They should handle that. Governments should provide safety in the digital world as well for organisations. Inter-government organisations should catch the cyber criminals attacking these organisations. And forcing them to have their digital guardian at the entrance of their business. It doesn’t make sense the government would put all their burden on the citizens and the SMEs. They should take responsibility as well, and I hope this will change.”
It is not just organisations that will be affected by vulnerable IoT devices. As they become more and more widespread people will integrate them into their homes, via their appliances or even alarm systems. For this reason alone, it is clear that we need to take security very seriously when it comes to the Internet of Things.