A Brief Guide To Counter Cybersecurity Risks in IoT

Svetlana Yurkevich
Business Technology Analyst
July 12, 2018

Sensors, robots and cloud technology –  here’s how the Internet of Things disrupts the business world with connectivity and automation. The new concept interest a lot of companies, however, few bring the ideas to life, and the main reason is security.

The important thing to know is that security is not just the responsibility of CIO’s, it is a common concern of top management, developers, users and even government. Regulatory compliance should become the top priority for the companies willing to innovate their businesses with IoT and improve critical infrastructure. That said, businesses are expected to spend more than $3.1 billion on IoT security, according to Gartner research.

brief guide to iot security

With IoT concepts being implemented everywhere, from fitness trackers to Smart Factories, connected devices can be easily purchased and examined by hackers. That said, we should take in account that most of these devices are identical and have similar security settings which makes them more vulnerable to malicious attacks. Once a device is hacked, the producer should immediately counter the risks for other millions of the same devices and release updates as soon as possible. Otherwise, the sensitive data might be compromised which blows to the reputation of a manufacturer. That’s why the principle “forewarned is forearmed” should be an overriding principle for IoT device manufacturers, software developers and security officers.

Having recognized the security challenge, OWASP Foundation has initiated one of the most comprehensive IoT security guides having outlined top issues compromising IoT infrastructure:

Here’s where a logical question arises: what should be done to overcome all the possible pitfalls on the way to secure IoT? It’s critical that all the entities in IoT infrastructure contribute to the protection of connected systems, from top management to users and third parties. Let’s see what issues should be addressed to lower risks and ensure data security.

Chief security officer’s take:

The earlier senior-level management gets onboard with security, the better organization they may provide. What are CSOs accountable for?

First, they should perform regular and all-embracing risk assessment and security audits to verify that no new devices and sensors are added without permission and no vulnerabilities are approaching.

Second, they should ensure staff awareness control. It’s critical to put onboarding processes in place to make sure that all developers, employees, partners and customers are familiar with the security processes and policies. The other challenge is to consider the fact that employees may bring BYOD devices which connect to the corporate network. This means they should be provided with the secure access to internal systems and

The other challenge is when someone is leaving the company and take a device with them. This implies the additional level of security and process layers within the organizational structure.

And remember: nothing is perfect. All networks and devices are subject to a certain level of vulnerability, so the emergency plan is a must. Every minute of unnoticed breach will cost your company lost money and unsatisfied customers.

Developers’ take:

What about IoT developers? They should care about the security from the very beginning of product development and put this priority over price and sometimes over the convenience of use.

Thus, developers should think over the mechanism for security that meets the needs of the connected devices and network considering memory issues, bandwidth availability and computing power.

Today, applications are often composed of libraries and components rather than developed from scratch, so the majority of risks can be eliminated by scanning these components for vulnerabilities. Even more, it’s better to employ proven and trustful technology stacks, encrypted channels and authenticated protocols (see the picture below):

iot security guide

These security measures shouldn’t end up after being set up and run. The lion’s share of security concerns lies in continuous updates, upgrades and fixes of the whole system.

Also, it’s critical that developers protect users’ access to the system by providing them with two-factor authentication, request for default password change and password renewal over a certain period and timely system updates.

User’s take:

Although most of the security burden rests on the shoulders of the development team and chief security officers, users should care about their data as well. How exactly can customer contribute to IoT protection?

  • Set strong passwords for IoT devices
  • Store credentials securely, don’t share them over the network
  • Accept any updates and upgrades of the system
  • Not to browse the Internet on the devices which are not supposed for it
  • Not to enter sensitive information

When buying IoT device, customers should mind security as a selection factor and make sure that only authorized users have access to data and networks.

In a nutshell:

The technology that powers the Internet of Things is developing, but so do the hacking attempts. The broad set of vulnerabilities associated with connected technology and the growing number of devices sold across the world require closer attention from CSO’s, developers’ and even users’ part.

That’s why for IoT manufacturers, as well as for companies willing to implement IoT strategy in their organization, hiring security experts is the indispensable part of risk management and meeting quality objectives.

LATEST ARTICLES

How Robots Are Putting A Fresh Face On Healthcare

From construction and farming to banking and transportation, robots are seeping into every aspect of our lives. And healthcare is no exception. Oristep Consulting, a market research and analytics company, puts the future of healthcare robotics under the spotlight. Over 200 tech companies are already building specialized robotic devices for an...
READ ARTICLE

Health IT: What Patient-Centered Care Is All About

The modern healthcare has seen a transition from disease-centered to patient-centered care, and this change is part of the National Quality Agenda in the United States. Also called family- or user-centered, individualized or personalized care, it means putting patients and their relatives at the heart of medical decision-making and regarding...
READ ARTICLE

How Big Data is Transforming Healthcare

The potential of data stored in EHRs, EMRs, patient portals, genetic databases, mobile apps, and other health-related sources has been untapped for too long. But now, big data technology makes it easier for healthcare organizations to gather and analyze that valuable health data while fighting fraud, improving care, and reducing...
READ ARTICLE