The Internet of things can be described simply as devices that have connectivity to the Internet, and thus to a computing network. Many times these connected devices aren’t manufactured with security solutions onboard (or any security-minded foresight at all) so they can be fickle instruments when trying to onerously secure a network that includes numerous IoT devices. Today, we'll go over some of the threats IoT devices pose to your network, and how to reliably secure it from these threats.
The Threats
Many devices on the Internet of Things have security problems. You’d think that they wouldn’t be much of a problem since they often have limited functionality. For example, a connected thermostat has a limited number of options (on/off, temperature adjustment). In fact, whether it is a CCTV camera, a smart refrigerator, a connected toy--anything that comes with Internet connectivity--is a potential threat to your home or business’ network. There are a myriad of reasons for this. They include:
- Insecure web interface - Every connected device has an integrated web interface that allows users to interact with the device. If not properly secured, these portals can allow unauthorized users to gain access to the device.
- Insufficient authentication procedures - Connected devices may have ineffective control mechanisms built in that could, if leveraged by hackers, provide unauthorized parties more access than they should be allowed if it were properly secured.
- Insufficient encryption - If the data that the IoT device gives off isn’t properly encrypted, it can be intercepted and compromised.
- Insecure network services - Vulnerabilities of where the network connects to the device can offer unwanted entities a pathway to infiltrate the network or the device.
- Lack of cloud or mobile security - Some devices come with cloud-based functionality, while others run off a mobile device. If these constructs aren’t properly secured, an IoT connection could present a pretty potent vulnerability.
- Insecure software or firmware - Often IoT devices lack the ability to be updated. Unfortunately threats don’t stop being developed and it can be a matter of time before a once secure device has a glaring vulnerability.
- Lacking Physical Security - If a hacker can alter the physical makeup of an IoT device he/she can gain access to the device’s settings, creating an avenue for major security problems.
Fixing Threats
For every threat there is a remedy, but really the best thing you can do is to be conscientious about the device you are connecting to your network. Every connected device could be the device to cause major problems for you. The industry is split about how exactly to secure crucial computing networks from the threats the IoT presents.
The generally accepted strategy to manage the IoT is one where the more things can be controlled from a central hub, the more secure the system will be. While it does make management easier, this strategy doesn’t completely provide the kind of comprehensive risk-based solutions needed to mitigate any IoT-fueled corruption. By not first doing a full risk assessment, especially these days, there is a decent chance of catastrophe. After all, security is about dealing with real threats.
The main problems are that most IoT-connected devices don’t come with comprehensive security and they can be altered by a network-attached user pretty easily. Take the driverless car. There is going to have to be a major enhancement in the way that these systems are protected if we hope to utilize automated systems to drive actual people around. Since the driverless car is effectively on a public network--and is not behind a firewall--it will need to have its own encrypted system in order to keep it from getting hijacked.
This brings us to one of the best ways to secure an IoT device on any network: ensure it is placed behind some sort of firewall. For the average business that is starting to deal with employee-owned IoT devices on their network, it is important that you have the person with the device, whether it is directly connected to the network or not, pass it by your IT staff. This way there is a legitimate chance, if something does happen, to assess where the problem started and how to go about mitigating the negative aspects of any attack.
In the future, there will almost have to be systems in place for all connected technologies where they keep updated with the latest security patches (or at least the latest firmware) so that there is very little chance that some of these extremely vile threats aren’t unleashed on your network.
Another way to manage the IoT devices on your network is to assign them to their own separate network. This strategy will absolutely work insofar as there is no way for your enterprise-level IT infrastructure to get hijacked or infiltrated with malware because of IoT-related devices. The problem with this strategy becomes cost. Not only do you have to set up an additional networking infrastructure, you also have to constantly monitor and manage it.
Finally, you can prohibit IoT devices on your network. As more and more consumer goods come with sensors and Internet connectivity it will likely become more difficult, but if you are threatened by the horror stories surrounding IoT-based hacks and infiltrations, doing away with the risk may be the best way to solve the problem until there is a workable solution that you think is right for your network.
Rest assured, the Internet of Things is not going to get any smaller any time soon. In fact, it’s going to be a major consideration for people, businesses, and governments for a long time to come. If you are worried about how Internet of Things technology is going to affect your organization, or you personally, reach out to the technology professionals at Grove Networks. Our knowledgeable technicians will help you come up with a strategy to keep IoT devices from hurting your business. Call us today at (305) 448-6126 for more information.