IoT And Security: A Match Made In IT Heaven?
Decades ago, there was a clear differentiation between the cyberspace and the physical world, wherein a person, overwhelmed by the threats of cyberspace, could unplug and withdraw to the dependable world of physical objects. However today, technology, especially IoT, has become an intrinsic aspect of our lives, right from our watches to our cars. 2016 made it evident that IoT introduces all the perils of the cyberspace into our physical world, thus raising the question; how big is the IoT security threat?
Any connected device, regardless of whether it’s IoT-enabled, is a potential target for a cyber-attack. Thousands of IoT devices are being introduced in the market even prior to the development of effective legislature. As the legal framework tries to catch-up with the ever evolving IoT landscape, enterprises should adopt the following measures in order to safeguard themselves against IoT cyber-attacks:
- Authentication of IoT connections: At the heart of the IoT framework is the authentication layer which provides information and verifies the identity of an IoT device. The connection built with the IoT infrastructure is based on validated information about the IoT devices. While a few IoT endpoints require human interaction by means of a fingerprint or password authentication, some require identifiers such as radio-frequency identification (RFID), address of the endpoint and more. Hence digital certificates are required which provide a strong solution without weakening the practical operation.
- Automatic updates for IoT devices: Gone are the days where we had the luxury of updating IoT devices at our own sweet time. In the hacker infested world today, it is essential for companies to install security patches and updates in their devices in order to keep them up-to-date. According to the 2015 DBIR report, most attacks exploited known vulnerabilities where a patch has been available for months, often years. Devices now days have the option of automatic update and don’t have to rely on manual push methods. To manage and monitor hundreds and thousands of IoT devices is an arduous task. Secure methods can be adopted to deploy updates automatically.
- Collection of relevant data: Data, as we all know, can be classified under various varieties and categories. Some data is more valuable than others. While storing data is important, enterprises should recognize which data is essential and relevant for the company. Enterprises should collect information that’s needed for analysis, and get rid of it securely when there is no longer need for it. Storing irrelevant data is a liability and a major source of risk. Hence enterprises should maintain healthy practises such as deleting old data and taking backups of the crucial information in order to secure the infrastructure.
- Encryption is the need of the hour: Every IoT device is like an endpoint, similar to a PC or smartphone creating a vulnerable backdoor for the hackers. Encrypting data has become a critical step, as many IoT devices nowadays are mission-critical. Even when that primary defence layer fails, the data remains protected. Encryption of data will make it a lot harder for cyber-criminals to obtain anything valuable from the stolen information. Encryption is one of the best available security technology right now. Imagine your important data is on any gadget you use. Have you encrypted the gadget? Probably not. Can someone steal the laptop or mobile phone and crack the sluggish password? Absolutely.
- Stay secure by segmenting IoT networks and systems: A breach, even in the smallest of sensors, will compromise the entire range of connected devices or the enterprise systems as a whole. If the network is segregated into different zones or segments, then the IoT devices will be in a different group from the other IT devices. The breached devices will be in one particular segment that’s affected and the entire network will be safe. This in turn will lead to a drop in the amount of sensitive data acquired by criminals.
[The author is Director Product Management and Development, Verizon]
[Disclaimer: The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the views of Trivone Media Network's or that of CXOToday's.]
- Weekly Rewind: Top 10 Stories On CXO Today (Sep18-23)
- Network Visibility: How To Diffuse The IT Blame Game
- 5 Ways To Future-Proof IoT Devices
- Negligent Staff, Poor Passwords Trigger Cyber Threats: Study
- Weekly Rewind: Top 10 Stories On CXOToday (Sept 11-15)
- SMBs Least Prepared For Cyber Breaches: ESET Survey
- Equifax Breach: Lessons For Indian Companies
- Skills Gap, The Key Problem In Enterprise IoT
- Evolving Threat from Botnets, IoT Zombies
- Weekly Rewind: Top 10 Stories On CXOToday (Aug 28-Sep 1)