No silver bullet
in securing IoT
No silver bullet
in securing IoT
Have you implemented the right security
measures in your IoT deployment?
One of the first signs of trouble came from a baby monitor in 2013. A family in Houston were shocked to find that someone had tapped into their web-connected device and made lewd remarks to a two-year-old over a wireless link.
The problem, to the victims’ astonishment, was that they had not updated the firmware. As a result, an unidentified hacker managed to sneak in and connect to an early version of a smart device. Today, the proliferation of connected devices is fuelling fears that hackers are also gaining access to massive numbers of devices on the Internet of Things (IoT). And the result could be a lot more devastating.
There will be 14.2 billion connected things in use in 2019, rising to 25 billion by 2021, according to research firm Gartner. This, it added, will generate an immense volume of data. Whether this is in the form of readings from an energy meter or surveillance video from a camera, there is one common problem that such devices face – the threat of a well-planned and disruptive cyber attack.
Lack of security
Unlike PCs and servers, many IoT devices do not have sophisticated security built in. Part of the reason is that they often run on low power and do not have the capacity for added security layers. There is no patch management on many such devices.
Simply put, there has been a lack of emphasis on security until recent times. Just like the early versions of Wi-Fi, the focus had been on ease of deployment rather than security. As a result, many enterprises have ended up with IoT deployments that are difficult to secure.
The warning signs have been loud and clear in recent years. In 2016, a botnet called mirai took control of millions of such connected devices, including CCTV cameras, to launch a distributed denial of service (DDoS) attack that left much of the Internet inaccessible to parts of the United States.
The hackers only had to scan the Internet for devices that were open and attempt to log in with a combination of common passwords. Often, the default passwords, which the owners had not changed, let in the hackers.
The mirai botnet was not the first such attack and it won’t be the last. Indeed, IoT hacks will become more common in the years ahead, because of the potential damage they can create – and the rewards hackers can reap.
Consider the consequence if a hospital had its connected devices, such as patient monitoring systems, infiltrated by hackers. They could hold the hospital and patients ransom, in exchange for not disrupting the system.
Industrial systems that are increasingly dependent on IoT to run smoothly today also face a growing risk. Consider a power plant that is under attack, or a manufacturing plant whose systems are compromised and it’s clear that IoT security is important for all sectors.
Shoring up IoT defences
There is no silver bullet for securing IoT devices, though they can manage the risk. For many enterprises, the first step to take is to include IoT in all their security considerations. A connected device should not be less secure than a PC or server that is protected by multiple security solutions.
This means the same principles should apply to IoT devices as well. The concept of securing data at rest and data in transit should be implemented. In some cases, encrypting the data is necessary so that even if a hacker steals the information, it will be hard to unravel.
The same for vulnerability management, a key problem today with IoT devices. It is important that technology leaders select solutions that allow for software updates that close off loopholes as they are found. Default passwords have to be changed.
Perhaps more importantly, the emphasis has to go beyond managing the edge of the IoT network. There has to be greater oversight and governance on IoT devices and the data they generate, store and transfer. For this, enterprises need better threat intelligence, which offers insights to identify malicious traffic.
All this means that there will be additional complexity involved. Technology leaders can no longer simply hook up a network of sensors and forget about them as long as they seem to work.
Gearing up Security for IoT
The good news is that innovations in the chips used in connected devices can help with managing emerging threats. Better management software that lets enterprises oversee their deployment will also help offer more effective supervision.
These will be key for IoT in the years ahead. For many technology leaders, IoT is crucial to their organisations’ transformation. Security, baked in from the start, should be a big part of any such deployment.
As your business grows, so do the threats to your systems and data. The rapid advancement of malware, increasing attacker sophistication and the rise of new complex threats requires comprehensive security monitoring and constantly updated security technologies to keep your networks and data secure.
Find out how StarHub’s Managed Security Appliance Services can safeguard your business.
Protect your business from DDoS attacks
DoS attacks have evolved in sophistication and complexity over the years. Learn how your organisation can prevent such attacks.
The essential guide to select the right UTM for your business
Learn how to determine the best UTM solutions to benefit your business