A Complete Guide to IoT Security for Your Business
IoT Security for Business: Definition, Threats, Precautions and More. Learn How to Better Manage IoT Security for Business
We might feel that technology plays a big part in our lives, always with our eyes on our phones or turning on the TV immediately after we got home – maybe even consider, in a certain way, that electronic gadgets are part of our family, like Mildred from Fahrenheit 451, Bradbury’s famous dystopia. We must not forget, though, that although technology has had a huge contribution to the evolution of human civilization, our devices can also be seen as a source of possible threats, especially if they are connected to the Internet. This happens because Wi-Fi routers, Smart TVs, smart cameras, smart locks, smart lights, voice assistants, some medical devices or Internet-connected cars fall into the category of the so-called Internet of Things and can become the target of cybercriminals. The Internet of Things (IoT) describes the physical objects that are embedded with software, sensors and other technologies that allow themi to connect and exchange data with other devices and systems over the Internet.
The emergence of IoT has been fostered by a series of factors that include:
Connectivity. Hosts of network protocols for the Internet easily connect sensors to the cloud and “things”, streamlining data transfer. Access to low-cost and low-power sensor technology. Nowadays, manufacturers use affordable and reliable sensors. Cloud platforms. Cloud platforms’ increase in availability enables both businesses and consumers to benefit from their advantages, without having to manage them. Machine learning and analytics. The advances in machine learning and analytics plus the vast amounts of data stored in the cloud allow companies to gather insights faster and more easily. Rise of conversational artificial intelligence (AI). IoT devices (like the digital personal assistants Alexa, Cortana and Siri) can now benefit from natural-language processing due to advances in neural networks.
As i-SCOOP shows, “In 2020 the number of IoT endpoints is forecasted to reach 5.8 billion endpoints, as mentioned a 21% increase from 2019. […] The fastest-growing segments in terms of IoT endpoints installed base: building automation, automotive and healthcare. The second-largest user of IoT endpoints is physical security, says Peter Middleton. Here building intruder detection and indoor surveillance use cases will drive volume.” Other industries use as well this kind of technology, so this growth tendency only underscores the importance of IoT security for business.
The major benefits of IoT secure devices for your business are the following:
They increase the productivity and efficiency of business operations. They create new business models and revenue streams. They easily connect the physical business world to the digital world, which saves time and creates value. The tricky part is, whether we use them as home consumers or in our workplace, that they are convenient – IoT devices allow us to turn lights on and off remotely, unlock the front door when we are not even in the building or get Alexa or Siri to check our calendar for us. As Peter Milley says, in his paper Privacy and the Internet of Things,
This convenience comes at a price. The unfortunate reality is the companies making these devices, although well steeped in the challenges of manufacturing physical products, are not as well versed in software development. […] Appliance makers create back-door access for support personnel or hard-coded passwords and encryption keys to simplify manufacturing and support with little regard for security. Furthermore, they rarely take into account the need for regular patch maintenance and rely too heavily on the end-user to make security changes to their products.
Here are some aspects that threaten IoT security for business:
1. Identity and access management
Identity and access management is usually associated with end-users, but it also extends to devices and applications that need network and resource access. What they have access to and the legitimacy of their request in the first place must always be verified, because devices left exposed in various locations can be easily attacked and used by cybercriminals to infiltrate your organisation.
Data is essential for IoT operations and it’s also critical that its integrity is wholesome. Take measures to assure that your data has not been manipulated, neither while at-rest, in-transit or in-use. Don’t forget about personal data either. This kind of information and any data generated by an IoT device must be protected through encryption, whether it’s in-transit or at-rest.
3. The great number of devices
Another aspect that threatens IoT security for business is the use of a great number of devices. To be precise, integrating new systems and devices provides more points of access for potential attackers, which raises the security stakes exponentially.
4. The simplicity of the devices
IoT devices are being more and more used in various sectors, and even the most simple devices (like a fish-tank thermometer in a casino who can gather tens of GB of personal data and expose it to hackers, for example) can be potential gateways to private segments of a company’s network.
5. The physical protection and disposal of connected devices
Anyone with physical access to some products can extract the owner’s password from the plaintext, private keys and root passwords. As companies adopt and upgrade IoT, it’s also important to consider the aspect of protection during use and disposal of old or defective smart devices.
6. Malware on an industrial scale
Hackers are developing more and more dangerous forms of malware, so companies must not forget to ensure the security of the industrial control systems that are connected and depending on IoT devices.
7. GDPR Compliance
Innovation always has the possibility to open potential loopholes for data protection. The fines levied for GDPR exposure show that the European Commission regulators are very serious when it comes to ensuring that personal data remains private. There are some new security laws on the horizon that promise to hold device manufacturers accountable for vulnerable entry points, yet companies need to take more responsibility for the imperfections within their own IT architecture.
Inertia is, in general, one of the greatest cybersecurity threats of today. Technology constantly evolves, hackers elaborate more and more strategies to get what they desire, yet so many companies still rely on security tools developed decades ago. Up to this point, the safety systems of a Saudi Arabian oil refinery have been targeted by the Triton industrial malware. Vast amounts of personal data have been accidentally exposed at the British Airways, Marriott Hotels and various local authority organisations. A group of hackers got access to impressive amounts of a casino’s sensitive information by using an Internet-connected thermometer in an aquarium. Don’t let anything like this happen to your company!
Here are a few tips for flawless IoT security for business:
1. Pay special attention when you choose the IoT devices providers
Make sure that you choose a well-known and reliable supplier, most likely one who will probably still be around for a long time. IoT devices require regular updates, especially when new security flaws appear, so you need a manufacturer that, over the years, provides patches and fixes any security bugs that may arise.
2. Invest in a network analysis tool
Monitor activity and quickly identify potential security issues by investing in a network analysis tool. This way you will not risk missing instances of information being accessed without permission or at unexpected hours – both signs that can point to a breach of your company’s IT system through IoT device.
3. Consider network management protocols a priority
IoT devices’ manufacturers often include an in-built protocol that allows the monitoring of internal activity. This usually isn’t enough if you want top security, so it’s crucial for your business to choose IoT devices that support Simple Network Management Protocols (SNMP). SNMP is a worldwide standard for network management, which allows them to be monitored by intrusion detection and prevention systems.
4. Consolidate your network’s security
It’s crucial to have an up-to-date router, with a firewall enabled, because it can be the first point of attack. If the router is compromised, your entire network will be vulnerable.
5. Make sure your IoT devices get patched up
Security updates are often released by responsible manufacturers, but you must also make sure that your IoT devices are patched regularly, with the latest updates. If you happen to stumble upon a device that doesn’t receive updates, it’s best to think whether the benefits of the device surpass the potential impact of a potential attack in your company’s case.
6. Remove unsupported operating systems, applications and devices from the network
Improve your business’s IoT security by conducting an inventory to check which operating system a device might be running. If a certain operating system is not getting patches anymore, it shouldn’t be connected to the network.
7. Narrow down internal and external port communication on your firewalls
Companies should restrict outbound communication if that communication is not particularly necessary. As Ciber Security Services says, “ Ports 80 and 443, typically associated with the internet, are common services that are open from the corporate network. But 80/443 might not be required for other VLANs associated with specific device types. These two ports are known to pose significant network threats since they allow web surfing, are rarely monitored and offer an entry path into the network. It is very common for malicious hackers and identity thieves to use those ports to exfiltrate data, as they are often left open in most organizations. This could allow a backdoor into the organization. ”
8. Last but not least, change default passwords!
This may seem commonsense, but you must ensure that the default passwords are changed for every IoT device on your network. The new passwords should also be changed over a period of time and stored in a password vault.
Heimdal™ Security can also help. Here’s how!
You can ensure your IoT devices’ security by choosing Heimdal™ Threat Prevention Network, an Intrusion Prevention System that can actively protect your network and is delivered as Saas. Heimdal™ Threat Prevention Network can shield your organization from DNS queries to unwanted domains by stopping communication between infected devices and malicious servers, which guarantees that every device used in the perimeter of your company’s network will pose no danger to your business. Here we include any (possibly compromised) personal device that your employees or visitors use to connect to your corporate network.
Heimdal™ Threat Prevention
As i-SCOOP says, “despite challenges, different speeds and the fast evolutions which we will see until the first years of the next decade, the Internet of Things is here.” That, at the end of the day, the number of IoT security breaches is only going to grow is also a fact. Consequently, securing connected devices can no longer be treated as optional – it is mandatory. Please remember, though, that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture for the benefit of anyone who wants to learn more about it. Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!