Written by Abdul Subhani CRISC, CFE, CEH, CAS, PI, President & CEO - Centex Technologies
The Internet of Things (IoT) is enhancing the scope of global connectivity. Beginning with ARPANET and evolving into the giant called the Internet, computers, networks, organizations and mobile devices are now effectively connected. However, the advent of IoT promises to extend that connectivity to everything, from household devices and wearables, to cars and health equipment. As more entities become part of the global network, the attack surface of this network is increasing exponentially. Attackers can find security loopholes more easily in one of the billions of connected things, compared with the millions of computing machines and mobile devices that have already been part of the Internet. This increased attack surface highlights why IoT security must be a top priority for anyone involved with information technology.
Privacy issues[1], more lethal ransomware attacks[2], widespread malware attacks[3]and large-scale DDOS[4] attacks are already in fashion. But with its benefits of more connectivity, greater speed and extreme automation, IoT also brings upsized cyber threats. More devices coming online means increasing amounts of data are being generated and causing a greater load on information security resources.
The IoT market is increasing at an incredible speed. So many IoT devices are being manufactured today, and many more are on the way. This ever-increasing pace takes its toll on security. Manufacturers are rushing, trying to avoid lagging behind in the IoT race, resulting in overlooked security aspects in the manufacturing process. While these overlooked aspects may not result in any immediate harms, they have the potential to be highly damaging for the IoT-enabled environment of the future. However, trying to plan for future IoT vulnerabilities is challenging, due to the need to visualize all possible attack types on a smart city or a smart airport without actually implementing such a system and then facing the threats that arrive.
How to Embrace IoT
In spite of the associated security concerns, IoT should not be avoided. Within the near future, IoT will likely be the framework for all our routine affairs: official, casual, or private. Therefore, rather than trying to figure out how to avoid IoT, enterprises should instead determine what is necessary to embrace IoT, gain maximum profit, and guard against its insecurities.
Rely on expert solutions
Because IoT is still an emerging field, it is not an area that everyone knows very well. Therefore, organizations seeking to take on future IoT upgrades or initiatives should search for a single reputable vendor to provide a complete, expert solution, rather than relying on different components from a variety of vendors with limited experience. This precaution helps minimize the risk factor.
Implement two-factor authentication
Authentication should never be overlooked, especially in the IoT environment. Today, the best authentication mechanisms for personnel include a combination of two factors: what they know (i.e., a password, PIN, etc.) and what they have (i.e., biometric data, or a physical device like a key card). For devices, authentication should be based on hardcoded signatures with encryption.
Hire professional security personnel
Many companies have a dedicated information security department looking after the cybersecurity. The value of these personnel in the IoT environment cannot be overemphasized. Often, it is these personnel who must be the first to respond to the newest emerging threats.
Utilize hardened devices
As discussed earlier, the information technology industry is currently focused on the race to manufacture while keeping up with the rapid pace of IoT growth. In the process, some security needs might be overlooked. Insecure devices are prime launching pads for attackers. Therefore, enterprises must not jeopardize their security by equipping cheap and low-quality devices. Any devices used by the enterprise need to be security-hardened.
Conclusion
Staying abreast with modern-day technology is the need of the hour. However, adopting anything new comes with pros and cons. An IoT world is not far from reality. People who choose not to embrace IoT will lag behind. Therefore, understanding the associated risks and preparing for IoT-related security challenges is essential for both individuals and enterprises.
About the Author
Abdul B. Subhani is the founder and President/CEO of Centex Technologies, an IT consulting company with offices in Central Texas, Dallas, and Atlanta. He is also an adjunct faculty member of the Texas A&M University - Central Texas computer information systems department. Abdul is a Certified Ethical Hacker, a Certified Fraud Examiner, Certified in Risk and Information Systems Control, a Texas Licensed Private Investigator, member of FBI Infragard and the recipient of multiple other advanced IT credentials. Abdul has been a frequent keynote speaker, moderator, and panelist at leading international technology conferences, and he has given speeches to thousands of students at colleges and universities.
[1] http://www.businessinsider.com/internet-of-things-security-privacy-2016-8
[2] https://www.scmagazine.com/ransomware-of-things-resarchers-predict-future-of-ransomware-attacks/article/633842/
[3] http://www.computerworld.com/article/3188302/security/iot-malware-begins-to-show-destructive-behavior.html
[4] https://www.infosecurity-magazine.com/news/leet-iot-botnet-bursts-on-the-scene/