IoT Security: What Are the Threats for Consumers and Manufacturers?
The Internet of Things (IoT) is rapidly changing the way both consumers and manufacturers interact with the world. But despite the benefits that these devices allow, they also carry with them critical security vulnerabilities that are putting customers and businesses alike at risk.
To put the growth of this industry into perspective, over 34 billion devices are expected to be connected to the internet by 2020, a significant jump from the 10 billion connected devices in 2015. Of that number, a whopping 24 billion will be composed of IoT devices.
But as the industry expands, so too do the opportunities for hackers and cyber terrorists to infiltrate these devices and abuse the data they’re privy to. As such, businesses need to begin investing their resources into IoT security, or else face the devastating consequences.
The Threat of IoT Today
It seems like almost every other day we hear about a new IoT attack rampaging through the technological world. Just last year, for example, Netflix and a host of other big-name services were brought to their knees by the Mirai botnet, a Distributed Denial of Service (DDoS) attack carried out by an enormous number of hacked IoT devices.
And while DDoS attacks can certainly be devastating, such devices (which can include refrigerators, DVRs, and even coffee pots) are also susceptible to malware that can brick them entirely. Just this year, for example, the BrickerBot outbreak has compromised and effectively destroyed thousands of unsecured devices leading to enormous revenue losses for businesses and, of course, some very unhappy consumers.
Whether your IoT devices are being used as part of a larger botnet army or are permanently being rendered unusable by malicious malware, all of these attacks demonstrate the dangerous lack of security in the world of IoT.
Tips to Preventing an IoT Attack
Below are just a few tips to help your company respond to an IoT-based breach or other cyber security threat. There are a wide variety of other resources at your disposal to consider as well but the tips below cover the basics of how to prevent a full-scale IoT attack and mitigate damage along the way.
Update IoT Devices Regularly & Frequently
Given the miniature size and capacity of many IoT devices, consistent upgrades and security patches may not just be unlikely, they might actually be entirely impossible. Many manufacturers today are so caught up in the IoT trend that they implement the capability without considering methods of keeping such technology updated to secure against unwanted intrusion.
As a result, many IoT devices could be running far outdated software on easily-infiltrated systems. Add to that the fact that many of these devices lack the physical memory to accommodate security upgrades and you have one alarmingly transparent infiltration point that could be putting your entire network at risk.
Updating your IoT device’s firmware on a consistent and regular basis when possible can help avoid any preventable breaches down the line.
Change Default Passwords & Protocols on IoT Devices
A surprising number of malware attacks are able to be carried out simply because the device’s default passwords and logins haven’t been changed (i.e. “admin” and “password,” “Admin” and admin,” etc.).
In fact, these embarrassingly insecure logins and passwords are so common that even one of the nation’s top three consumer credit agencies (Equifax, unsurprisingly) actually used this combination to try and safeguard a secure database.
Taking the short amount of time necessary to change these default passwords, then, is a simple and effective way to help prevent future attacks.
Run a Device Audit
Preventing an attack from occurring is obviously the first line of defense but actually detecting a breach in the first place is one part of the process that’s often overlooked. That’s where a device audit comes in.
Going through a rundown of all the devices connected to your network is absolutely essential in identifying an attack before it escalates and is one of the most important aspects of effective incident response.
The more comprehensive the audit, the better. It’s crucial to not only include equipment that wasn’t overseen beforehand (e.g. cameras, monitors, sensors) but also to physically inspect all devices for anything that may have been used without the IT department’s approval.
What’s more, putting a system in place for regular and consistent audits can turn this proactive solution into business as usual.
Incorporate Unmonitored Devices into Logging Solutions
Going along with the last point, any unmonitored devices should immediately be incorporated into enterprise logging solutions. Doing so will give you actionable metrics and insights that can point to an anomaly before it turns into a full-blown breach.
What’s more, providing a framework for users to actually authenticate an IoT device (i.e. a simple password system, digital certificates, two-factor authentication, etc.) can be instrumental in contributing to a complex and layered security system – the key to preventing a breach.
Build an Incident Response Plan
Finally, developing a comprehensive plan to effectively deal with a cyber security breach or IoT-based attack should it actually occur is one of the most important steps in remediating the situation. After all, the best defense is often a strong offense.
That means crafting meticulous and highly detailed playbooks, hiring knowledgeable and experienced IT and incident response staff, and working out the particulars when it comes to how your company (as a whole) will react in any situation where your digital security is compromised.
It’s frightening to think that three-quarters of small businesses today aren’t prepared for a cyber security breach. Don’t be one of them.
IoT Security: No Longer Just a Concern of The Future
IoT is still a relatively new technology and, as such, many manufacturers and consumers have been slow to implement security measures for them. However, the severity of an IoT attack can be absolutely catastrophic.
As such, adopting system-wide strategies for increasing the visibility of these breaches and mitigating the extent of the damage is absolutely instrumental in securing the viability of your business’s future.
