The Internet of Things (IoT) has the potential to rapidly transform the corporate world. Companies that are investing in new solutions are starting to experience improvements in business efficiency and competitive positioning. As the IoT develops, companies’ data and intellectual property (IP) will become more vulnerable. This is because the security of IoT devices is often quite poor. The diverse mix of sensors, manufacturers and the speed of solution development have created a complex environment that is challenging for businesses to secure. The software driving the IoT is still not designed with safety in mind. Time to market and features are typically the governing principles, so code is written quickly and issues are fixed as soon as they appear rather than from a holistic security point of view.
Things Need to Change
A recent study from HP revealed that 70% of IoT devices are vulnerable to attacks, however, what are the vulnerabilities? Below are some common scenarios:
- Poor authentication policies are common. One famous example is the Target breach. The attack began with the hacking of a local air conditioning contractor to steal login credentials. These were then used to install malware on Target’s point of sale (POS) machines in a local store.
- The IoT uses technologies such as cloud, mobility and big data which means that solutions face the same threats that these industries are still learning to resolve.
- The protocols used vary and many can be cracked by a knowledgeable individual. For instance, there are freely available tools to hack the ZigBee protocol – KillerBee is part of the toolset for the ethical hacking platform Kali Linux but could also be used for malicious purposes.
- Many IoT management platforms have web interfaces and are exposed to common web application attacks (SQL injection, Cross-site scripting). However, the impact can be magnified if an attacker gains control of a management platform that manages a large number of systems. From a business perspective, the company could find itself struggling to regain control of key applications and infrastructure.
Securing Your Future
Essentially, to make the IoT more secure, systems need constant updates. Building security into software applications and network connections that link devices is also critical. Next, implement network monitoring and segmentation that enables organisations to detect when malicious activity is taking place. This can significantly reduce the damage caused by security breaches. Properly securing cloud applications and corporate communications with encryption will help the organisation to protect sensitive information. Alongside these security measures, businesses have to understand that there isn’t just one ‘gatekeeper’ for company security, but a degree of responsibility lies with everyone across the business. People need to improve their cyber security behaviour and companies can assist their employees by defining acceptable usage policies (AUP). It is crucial that businesses address how they approach security and awareness strategies together. Cyber security is a fundamental enabler of the IoT, but if it is not treated as a strategic priority. As a result, growth opportunities will be undermined as breaches occur and security issues will quickly grow in prominence, creating a barrier to customer adoption.