A cyberattack can ruin an individual just as easily as it can take down an entire organization. Yet our dependency on technology continues to invite malicious hackers to test its limits.
The next wave of cybercrime will surely target the Internet of Things – the electronic connective tissue binding all of our personal and professional devices. By gearing up now, you could be the hero of your organization should a destructive hack occur.
Concerns about IoT security
As device dependency on it grows, the Internet of Things (IoT) is generating a lot of industry attention concerned with its general security.
According to a recent Forrester publication:
- More than 500K Internet of Things devices will be compromised in 2017.
- The Internet of Things “represents a two-pronged threat in 2017 – potentially exposing business to security breaches and devices themselves being turned into DDoS weapons.”
Gartner Research weighed in on the IoT with their prediction, “…new threats will emerge through 2021 as hackers find new ways to attack Internet of Things devices and protocols.”
To educate you against these imposing threats, we’ve gathered some industry predictions and recommendations. Perhaps these insights will get you thinking now about your organization’s own defense strategy.
The future of IoT security
I-Scoop recently devoted an entire post to forthcoming advancements in IoT security which include:
- End-to-end security approaches - where security measures are baked into the design
- A preference and reliance on partners and system integrators with security/privacy SLAs
- Applications once considered less critical will garner the same preference for secure connectivity as those deemed critical
- More immediate consideration of security in IoT project planning
- Hybrid security solutions for cloud and edge computing needs
- Formal regulations and standards for security
- AI will assist with real-time security monitoring
- Blockchain added to IoT security
- Development of security perimeters that extend to the endpoints
- CISOs intensify focus on visibility
- Larger investments in IoT device visibility – allowing for device discovery, onboarding and monitoring.
Every organization’s security needs will differ. The more aware you become of your network’s specific IoT vulnerabilities, the more you can do to prepare. Because if there’s one thing for certain, the headaches IT professionals face with the advent of the IoT aren’t going away any time soon.
Common IoT Headaches
In fact, you’re probably dealing with some of these common pain points already.
Lifecycle management
The IoT has turned already complex heterogeneous networks into so-called super-heterogeneous networks. As more devices pour onto it, the magnitude of initial configurations, optimizations, updates and security increases.
Device discovery
It’s an undeniable part of IT life: more smart devices will find their way onto your network(s). Beyond their basic MAC addresses, those devices don’t have a common method to announce their arrival or activity. Therefore, having a thorough understanding about device-specific issues becomes critical.
Updates
Determining the type of update needed by an IoT device has become increasingly difficult. It’s not like the good ol’ days when Patch Tuesday would come around – or a Windows machine politely prompts you to run an update. The challenge now becomes getting the update delivered to all devices that need it on your network.
Data collection & transmission
Many consumers may not be aware, but most smart devices include some form of communication to their manufacturer and/or provider. As a network defender, you’ll benefit yourself (and the organization) by knowing how devices commonly collect and transmit data. You may also want to consider implementing security monitors and/or alarms to help contain critical information before it leaks out.
Spying
Sometimes a security risk sneaks in and is difficult to detect. Akin to data collection and transmission, you must have a thorough method for identifying and vetting every device on the network to mitigate the risk of spying.
Start your preparations now
As with data loss or a hardware failure, it’s not a matter of how an attack on the IoT will occur, but when. Your preparedness can potentially save the organization from total ruin. Begin reducing your risk by achieving as much visibility as possible for every device that enters and leaves your network. Educate others as well. The more everyone in the office is made aware of the potential risk and preventative behaviors, the easier your life will be.
Every great step forward in technology opens the door for malice. The Internet of Things is no different. You can take the first steps toward protecting your organization from a potential attack by familiarizing yourself with the latest and greatest methods other IT pros are using to mitigate risk.
