Which product are you using?

IoT Security: Protecting Your Network in the Age of IoT

Wednesday, December 7, 2016 - 14:00
IoT Security

In any rapidly advancing technology, too often the developers/inventors are trying to solve functionality issues, not security issues. “How can we make it better” and “how can we sell it faster” are the key drivers, not “does this expose our customers/users to harm”. There are over 4 million mobile apps (and counting!), and many of them are vulnerable to cyberattack. It looks like the applications and devices that comprise the Internet of Things (IoT) will be no exception.

IoT Security Challenges for Your Network

“The Internet of Things will allow for attacks we can’t even imagine.”

We’ve already seen some possible doomsday scenarios portrayed in film (Die Hard 4, crashing the stock market, the national power grid, and so on) and national policy (Stuxnet, a US cyberweapon against Iran) – and these portrayals only represent when computers themselves were vulnerable. What about a simple “power off” virus that connects to refrigerators? In an article focussed on IoT Security earlier this year by security expert, Bruce Schneier, he stated that “The Internet of Things will allow for attacks we can’t even imagine.” He went on to say. “Today’s threats include hackers crashing airplanes by hacking into computer networks, and remotely disabling cars, either when they’re turned off and parked or while they’re speeding down the highway.”  (Learn more about how a car can be hacked.)

The more I think about this situation, the more worried I become. But the good news is that there are ways to protect your business and its network from these weaknesses. Of course, as the saying goes, a better mousetrap breeds a better mouse, but let’s close the open doors and windows before we start hunting down the cracks in the foundation.

How the IoT Works

The very way the IoT functions leaves “open doors and windows?” Generally, an IoT-enabled network has “edge devices” (e.g., sensors, adapters, beacons), a gateway to communicate with those devices and a back-end server (in the Cloud, or on-premises). These are each waiting threat vectors for your network, but you can, and must, deal with each of them separately as each will need to be secured in a fashion appropriate to the device or exposure.

How to Protect Your Network from IoT Access Points

  • Edge Devices: require security certificates to limit communication
  • Communications Gateways: necessitate encryption and standard network security
  • Back-end Servers: need network security, data encryption and code hardening

So obviously, to be safest, you should secure every device and every possible communication route.  However, the reality is, most companies can’t afford to do that. A study by Gartner estimated there will over 6.4 Billion connected “things” in 2016, a 30 percent growth from 2015. Prioritization is the order of the day: secure the “outermost” or most vulnerable IoT devices first, and get some expert assistance. If you are already taking advantage of a cloud-based communications solution, enlist your service provider to examine your network for holes, and then help plug them. Top-of-the-line VoIP security is a primary benefit of partnering with a UCaaS provider after all, so make use of the resources already at your disposal. In addition, take a look at the OWASP IoT Project (OWASP is the Open Web Application Security Project); they indicated the IoT security problems.

Top 10 IoT Security Problems

  1. Insecure web interface
  2. Insufficient authentication or authorization
  3. Insecure network services
  4. Lack of transport encryption
  5. Privacy concerns
  6. Insecure cloud interface
  7. Insecure mobile interface
  8. Insufficient security configuration
  9. Insecure software or firmware
  10. Poor physical security

The good news: the cybersecurity community of knowledge is already adjusting and adapting to the new threats presented by IoT. We’re still a long way from security being an integrated component of each IoT device, though, so the first action you should take is to get educated. And then, do something now to protect your company. Use the contact us form to get started with one of our specialists today.

Related Video: Centralizing IT Security Using the Cloud

More About Network Security

Contact a Network Security Expert