From a security operations viewpoint, hackers can hack anything linked to those billions of IoT devices. Safeguarding them is no simple feat. Today with the Ukraine situation and the Russian Aggressors — I feel kind of personal about this topic.
The Internet of Things (IoT) typically refers to items and equipment that can be accessed, addressed, and controlled remotely. We’ve seen how those capabilities have played out just this week.
Okay — I admit it — I like the day to day conveniences of home devices
At home, and at work, I can start and operate many machine-to-machine and machine-to-human communications.
These helps we have deployed in our lives include edge computing devices, household appliances, wearable technologies, and even my car that bosses me around. IoT is the fusion of the physical and digital worlds.
Experts predict over 30 billion IoT connections by 2025 — which means at or above four IoT devices per person.
Put another way; there are billions of sensors connected and interacting on these devices (iot-analytics.com).
Every second, 127 new gadgets connect to the internet, according to McKinsey Global Institute. (Take a look at the device mapping from cars on the McKinsey dotcom media site.) From a security operations viewpoint, hackers can hack anything linked to those billions of IoT devices. That’s a lot of IoT devices — and safeguarding them is no simple feat.
Especially with so many different device kinds and security requirements.
The IoT Security Risk
Each IoT device is a potential hacker entry point into your data. And a threat to your supply chain. This is according to a Comcast report. Laptops, PCs, cellphones, tablets, networked cameras and storage devices, and streaming video gadgets are the most susceptible.
I wasn’t overly worried about all of our IoT Security Risks until last night when I heard the news from Ukraine and our office started pinging each other. We have wonderful devs working on everything — but now what?
Insights on cyber-
Monthly threats to a household average is about 104 tries against your devices. Other than that, most IoT devices have limited processing and storage capabilities. This makes using antivirus, firewalls, and other security software difficult.
As edge computing gathers local data, it becomes a concentrated target for skilled threat actors. For instance, along with IoT hardware, ransomware may attack apps and data. For example, Check Point Research showed a 50% rise in daily average ransomware assaults in the third quarter of 2021 compared to the first half. The uptick is blamed on the pandemic.
Distant work trends and remote offices are increasing the incidence of IoT assaults. You must understand the dangerous landscape and up your game to help protect yourself.
Main dangers to IoT according to US General Accounting Office (GAO):
SQL injection (controls a web application’s database server)
For instance, wardriving (search for WiFi networks by a person in a moving vehicle)
Also, cybercriminals discuss vulnerabilities and attack hits on the Dark Web and online forums, making some of the GAO’s assault tactics more complex.
Threat actors include hacktivists, criminal organizations, and nation-states. In addition to understanding threat vectors and attackers, it is critical to understand the following areas:
SEC Supply Chain Vulnerabilities:
Therefore it exacerbates supply chain vulnerabilities. For example, weaving networks and gadgets together, IoT exponential connection. Meanwhile increasing endpoint integration and a fast expanding and poorly regulated attack surface threaten the IoT. Using IoT endpoints, hackers may crash websites by flooding them with traffic requests.
According to a 2017 survey by Altman Vilandrie & Company, over half of US companies employing IoT have suffered cybersecurity breaches.
However, many more companies were likely victims but did not disclose. ABFJournal stated – Nearly Half of US IoT Firms Have Security Breaches. As of now, there are 44 billion IoT endpoints worldwide, and authorities expect the figure to treble by 2025. IoT endpoints 2020: pushing industries and use cases (i-scoop.EU)
In 2017, “WannaCry” ransomware emerged.
WannaCry harmed governments, organizations, and networks connected to IoT. The malware hit over 100 nations and tens of thousands of IoT devices in May of 2017.
Interaction between OT and IT operating systems, especially critical infrastructure, is another security issue. Adversaries have improved their understanding of control systems and attack them with weaponized malware.
Security by Design
The industrial internet of things and operational technologies have increased the attack surface. Operators of energy infrastructure should employ “security by design.”
Energy Infrastructure Needs Security by Design, Says GovCon Expert Chuck Brooks (govconwire.com) However, every cyber attack approach applies to the IoT ecosystem, IT, and OT.
It will need even more sophisticated security for all IoT endpoints in the future and all individuals and businesses will want to be more vigilant.
The Cybersecurity Act:
The good news is that policymakers finally get it — but is it too late. A new Cybersecurity Improvement Act in Congress requires OEMs in areas including medical devices, automobiles, and critical infrastructure to design specific products to reduce susceptibility during operation.
The Cybersecurity Improvement Act provides standards for IoT adoption and security vulnerability management. But like the last word says — it has to be managed, and that means by people who know what they are doing.
IoT Cybersecurity Solutions and Services
Risk management is essential in every security situation, physical or digital. IoT incorporates both. Understanding the IoT landscape is critical to cyber-securing IoT.
It’s the most excellent feeling to know how to secure your most valuable things. Also, preventing and resolving security events and breaches is prudent. There is a range of solutions, services, and standards to analyze when a corporation or organization considers risk management architecture.
Below are measures and examples of IoT security concerns that the C-Suite may employ to help solve some of the security issues. At the bare minimum — keep running this check list.
- Like NIST’s — use a proven IoT cybersecurity architecture based on industry expertise and best practices.
- Evaluate the security of all networked devices (on Premises and remote)
- Plan for IoT/Cybersecurity incidents.
- Separate IoT devices to reduce attack surfaces.
- Protect network and devices using security software, containers, and appliances.
- Detect and report threats
- Scan all software for network and application flaws
- Update and fix network and device vulnerabilities
- Avoid integrating devices with default passwords and other known flaws.
- Assert privileged access for devices and apps
- Control access with robust authentication and biometrics.
One of the biggest ways to help personal information and company information is to use connecting protocols using machine authentication.
You should encrypt data in transit for IoT. Stronger firewalls. Protected WiFi routers. In short, invest in multi-layered cybersecurity defenses, including antivirus
Save all data
Similarly, managed Security and skilled consultants are available 24/7. Likewise, ask the question — is your Security as a Cloud Service safe?
Meanwhile, integrate emerging technologies like AI and ML (machine learning) to defend yourself. In addition, have reliable real-time auditing (including predictive analytics)
Above all, ensure that all your personnel receives security training — ALL, not just those you think are the most important.
Despite all efforts, there are no surefire methods for safeguarding IoT. It’s a big ask. On the other hand, there are big results.
For example, increased efficiency. On the other hand, machine learning-enabled cybersecurity techniques will eventually dramatically minimize intrusions.
Live the “Better Safe Than Sorry” Model
However, in terms of IoT security (and any security), the cliché “better safe than sorry” holds (and makes you less of a target). That is to say, a comprehensive risk management strategy to analyze and mitigate IoT risks may help close security gaps.
Therefore, everyone linked should aim to improve their cybersecurity readiness. It’s like the proverbial fox in the henhouse scenario.
Don’t let an attack happen to you.
Image Credit: Tima Miroshnichenko; Pexels; Thank you!