What Networked Devices and the IoT Mean for Cybersecurity
Securing on-premise and owned devices is one thing, but as soon as network considerations and remote devices like the Internet of Things (IoT) come into the picture, things have a tendency to get a lot more complicated.
Already, businesses face security threats that can cause, sometimes, irreparable damage. When these attacks are against critical sectors (e.g. water, electricity, gas), the repercussions can be severe. When these companies then execute processes using IoT, the possible vectors of attack increase. It’s crucial to understand the security risks that networked devices pose and how to mitigate them.
Three Aspects of the IoT Value Chain
Getting to grips with the three aspects of the IoT value chain will help to illuminate the cybersecurity risks associated with networked devices.
First is the “T” in IoT: physical things. These include sensors that interact with the physical world, gateways, hubs, and other IoT devices. Second is the communications network, which we can think of as the ‘highway’ connecting data from the local plane to the remote plane (and vice versa). This highway unites the physical world with the digital world.
The third aspect is the cloud or remote plane: the “I” in IoT. The IoT cloud is the set of servers, databases, remote analytics, and visualization platforms that collects, processes, and uses the data it receives.
All three aspects of the IoT value chain play an important role in ensuring the integrity of the data exchanged, as well as the remote and local systems involved. Communications networks and cloud elements tend to be well-protected. The majority of cyberattacks and security threats focus on IoT devices, as these entail greater cybersecurity vulnerabilities.
The Cybersecurity Risks Associated with Networked Devices
The IoT device is definitely the most vulnerable element in the security chain. The primary reason for this is the lack of firmware updates. We are used to receiving notifications of security patches for our smartphones and laptops; this keeps them up-to-date and protected against the latest security threats, which are ever-evolving.
The same doesn’t apply to IoT devices, however. Once deployed in the physical environment, they are rarely updated. This, of course, greatly increases the risk of becoming a victim of a cyberattack.
There are two reasons why networked devices are not being updated the same way as our computers and phones.
The first reason is IoT market immaturity. We can say that IoT is in its ‘adolescent’ stage. Because of this, cybersecurity is not being prioritized. If we envisage a pyramid containing the different levels of priorities that a company has when it comes to an IoT project, there are other concerns sitting at the wide base of the pyramid. These concerns come before cybersecurity. Major security threats to IoT devices occur because security is only thought about when the project has been developed, instead of considered from the beginning.
The second reason for IoT’s lack of firmware updates relates to the complexity of managing a distributed, remote, and heterogeneous environment. IoT is based on a multitude of distributed “things”. It is a huge challenge to try and upgrade all of these devices in a way that is efficient and scalable. Moreover, the business cost of updating IoT devices are the local level, on a regular basis, would simply make any major IoT project non-viable.
How to Enhance the Security of Networked Devices
There are several steps you can take to improve the security of IoT devices, preventing and mitigating cyberattacks:
- Set strong passwords and usernames. Don’t just use the one that is set as default. You should also change your passwords regularly; we recommend every 30 to 90 days. If you have a complex network with many devices (as many companies do nowadays), use a password manager to avoid using similar or simple passwords. A password manager will allow you to create many different, complex, and hard-to-guess passwords.
- Use multi-factor authentication (MFA). This is your backup in case your password fails, either because it was in a data leak or a hacker figured it out through a brute force attack. MFA can take the form of receiving a text message with a unique code every time you log in. Higher MFA levels include physical authentication, where you insert a physical key (typically a USB stick) to log in. You can also enhance MFA by using biometrics.
- Keep your software up-to-date. This will fix old bugs and patch security vulnerabilities.
- Encrypt your connection when you have to go online. One of the simplest ways you can do this is by using a VPN, as this will change a device’s IP address and encrypt all the data leaving it. Most VPNs also offer a “kill-switch” feature, which will kill your internet connection should the VPN crash. This way, your IoT devices won’t ever make contact with the open internet without being protected.
- Secure your internet connection. For routers, you want to replace the default network name, admin username, and password, using secure alternatives and regularly changing them. You also want to use the highest level of encryption your router has. Your router should be able to support WPA2 encryption. You can then take internet security a step further by creating separate networks for all of your IoT devices.
While networked devices may be a security weak point for many enterprises, they don’t have to be. By following the recommendations outlined above, you will be able to significantly enhance your cybersecurity and prevent any major cyberattacks from occurring and disrupting your operations.
Cyberlocke is a comprehensive, full-service IT services provider that architects and implements efficient and secure solutions for enterprise customers and their data centers. We specialize in security, cloud, managed services, and infrastructure consulting. Contact Us today to learn more.