By Mayleen Bywater, Senior Product Manager for cloud security solutions at Vox
Consumers and businesses alike are relying on the Internet of Things (IoT) to provide new ways in which to gather information, improve their lives and the way they interact with products, services and other businesses.
In most cases this means that connected devices and their systems will need to access data as well as store and interrogate it for analytical purposes.
IoT-based attacks are already happening. A recent Gartner survey found that nearly 20% of organisations observed at least one IoT-based attack in the past three years.
Security leaders should familiarise themselves with IoT security threats and the remedial actions required.
Known ways in which IoT devices could be compromised include:
- Updates to firmware not being consistently implemented. Firmware updates on the platforms and applications being used to provide the service are crucial otherwise it leaves the opportunity for hackers to gain access to the network and systems
- Distributed denial of service (DDoS) attacks on systems that are left weak due to poor and non-existent password and authentication controls
- Ransomware is being adapted to allow access to the data being provided – from video streams to Wi-Fi units and asset trackers – and then exploits companies for money
Mobile device management and data security are key elements as part of a consistent strategy to ensure the right security measures are in place. It’s of utmost importance to be aware of who has access to the data being collected and which systems are being used.
In a typical day we are exposed to a wide range of IoT devices which can include smart TVs, speakers, lighting systems, connected printers and smart geysers to name a few.
Data has to be managed with security in mind, from storage right through to removal. Data management must take the end user’s privacy into account and needs to be clear in communicating what the data captured is being used for.
Gartner forecasts that spending on IoT security is expected to reach US$3.1 billion in 2021 and by then regulatory compliance will become the main influencer for IoT security uptake.
The IoT permeates many of our interactions and as such it is necessary to ensure that this technology is integrated with the security posture of the company, including perimeter security and storage.
A consistent security strategy is required, anything less leaves the business vulnerable to attacks.