The Internet of Things has recently gathered a lot of attention, especially from security professionals and research firms. More devices than ever before are connecting to the Internet, but is the Internet of Things as big a threat to your business’s security as everyone makes it out to be?
One of the biggest issue pertaining to the Internet of Things is the lack of control that enterprises have over IoT devices. With so much new technology connecting to the Internet and sharing data, it becomes incredibly important to put a lid on how much can be shared and distributed. The problem, however, is that there’s a lack of device management options, and modern security products often aren’t equipped with the technology to handle risks from the Internet of Things. This, in turn, leaves businesses, and their networks, vulnerable to potential hacking attacks that stem from IoT devices.
In general, cyber attacks have grown much more powerful and difficult to prevent. It’s estimated by Underwriters Laboratory that by 2018, 66% of all networks will have had a data breach related to Internet of Things devices. This prompts an interesting question; is it really that easy for IoT devices to be hacked and used for nefarious purposes? MacWorld suggests that most connected devices can be breached easily, thanks to open ports and weak default passwords. In many instances, the manufacturer, as well as the end-user, is at fault for configuring their devices with poor default security options, or failing to follow security best practices. Hackers will then use simple tactics to break into the IoT device, and use it as a jumping-off point for the rest of the network that it’s connected to.
In fact, the current state of IoT security is already questionable at best. IOActive, Inc conducted a survey in March 2016 that revealed some staggering figures concerning IoT security:
- 47% of respondents felt that less than 10% of all IoT products were designed with proper security.
- 85% of respondents felt that less than half of IoT products are secure.
- 72% of respondents felt that security was not adequately built into IoT devices.
- Respondents feel that user error (63%) and data privacy (59%) are two major problems associated with IoT security.
In light of the many threats posed by the Internet of Things, Underwriters Laboratory has implemented what they call a Cybersecurity Assurance Program (CAP) that’s designed to test network-connected devices for potential security discrepancies. The idea is to minimize the risk of exploitation, keep known malware under control, and educate users on how best to keep their devices secure. The UL Cybersecurity Assurance Program includes the following:
- Testing security criteria based on UL 2900 cybersecurity standards or specified requirements
- Testing leading to certification based on UL 2900 cybersecurity standards
- Evaluation and risk assessment of vendor processes for developing and maintaining security products and systems
- Training in security readiness for product design and sourcing third party components
Additionally, you should be taking the following security precautions to ensure that you’re prepared for the oncoming storm of Internet of Things devices:
- Improve your own network security standards
- Train your employees on security best practices
- Discuss product quality with manufacturers
- Implement a BYOD policy and mobile device management solutions
Gartner predicts that there will be approximately 21 billion Internet of Things devices used by 2020, so the time is now to ensure that your organization has the infrastructure required to sustain an IoT takeover. Ultimately, the Internet of Things has the potential to be a major problem, and it will take vigilance and education to dodge the many problems that it could bring. Remember, educating yourself and your employees on the basics of cybersecurity is the best way to combat online threats.