IoT Agenda

May 19 2017   1:07PM GMT

Your IoT devices are vulnerable without these four security measures

JohnHorn Profile: JohnHorn

Tags:
Data security standards
Encryption
Internet of Things
iot
iot security
security in IOT

Cybersecurity is something that can honestly be called both boring and terrifying. The technical details of threats and prevention strategies could put anyone to sleep, but reports that cybercrime will cost businesses more than $2 trillion by 2019 could keep anyone up at night.

With so much at stake and so little urgency or engagement to go around, it’s crucial for companies to devote their cybersecurity resources toward the most immediate threats. Currently, the emphasis tends to be on servers, clients and data.

But with internet of things technology continuing to spread throughout the industrial world, it’s time to shift our focus toward securing the sensors and devices that connect the “things” around us.

In most IoT networks, every sensor is assigned its own IP address. From a security standpoint, this makes them highly vulnerable. If a hacker gains access to your network through one of these devices, he could easily pull off a data breach — something that, on average, costs companies $4 million to resolve. The hacker could also disable a device or shut down the entire network, and the fallout from that could be catastrophic. Lost revenue, consumer confidence and operational strength only scratch the surface.

If you think your IoT devices are the ironclad exceptions to the rule, don’t be so sure. An alarming 85% of developers admit that IoT products are rushed to market before security issues are resolved. Even worse, 90% of developers believe the IoT market has underperformed in terms of consumer protection.

The question is not whether your IoT devices are vulnerable; the question is whether they offer any level of threat protection.

Build your defenses quickly and aggressively

It’s important to provide adequate security for each part of an IoT network, from the device to the gateway to the software. No single point of failure should exist.

Businesses must treat their IoT devices in a manner similar to how they treat any other asset, such as inventory or property. Here are four steps they can take to boost their defenses:

  1. Follow security standards. User engagement is essential if you’re going to secure IoT devices. And in order to get end users on board, they need to understand exactly what kind of security measures are in place. Following security standards builds transparency and familiarity into the process. And the more users understand security, the more they’ll respect threats. Implement standards like FIPS or NIST, and make sure end users are properly educated about them.
  2. Practice security by design. The evolving concept of security by design is an approach to engineering that assumes every device is under attack by hackers. Rather than let bad actors find vulnerabilities, products are designed to identify and eliminate them in advance. Seventy percent of IoT devices were manufactured with vulnerabilities. Practicing security by design could drastically reduce that figure for the next generation of devices.
  3. Encrypt all messages. An alarming number of IoT devices fails to rely on encryption to scramble messages sent across the network. Ensuring message confidentiality is considered standard practice in other corners of cybersecurity, but it hasn’t yet become commonplace in the internet of things. You may not be able to keep all hackers out of your network, but you can ensure the messages they hijack are meaningless jumbles of text.
  4. Make provisions for the future. Effective cybersecurity requires agility. Make sure the protections you put in place today can be updated and revised tomorrow. Even if a connectivity provider offers field firmware upgrades, those upgrades need to be authenticated to further protect against malicious access.

The internet of things is too promising a technology to pass up. But in an era when hacking has become commonplace, it’s also one that requires a robust security strategy.

Don’t invite the invaders inside. Get serious about IoT security before your business becomes yet another statistic.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: