From a security operations standpoint, hackers can hack anything tied to those billions of IoT devices. Safeguarding them is no easy task. Today, with the situation in Ukraine and the Russian aggressors, I feel a bit personal on this topic.
The Internet of Things (IoT) generally refers to items and equipment that can be remotely accessed, addressed, and controlled. We’ve seen how those capabilities have developed just this week.
Okay, I admit it, I like the daily conveniences of home devices.
At home and at work, I can initiate and operate many machine-to-machine and machine-to-person communications.
These aids that we have deployed in our lives include cutting-edge computing devices, home appliances, wearable technologies, and even my car giving me orders. IoT is the fusion of the physical and digital worlds.
Experts predict more than 30 billion IoT connections by 2025, which means four IoT devices or more per person.
In other words, there are billions of sensors connected and interacting on these devices (iot-analytics.com).
Every second, 127 new devices connect to the Internet, according to the McKinsey Global Institute. (Take a look at the car device mapping on McKinsey’s dotcom media site.) From a security operations standpoint, hackers can hack anything tied to those billions of IoT devices. There are many IoT devices, and protecting them is not an easy task, especially with so many different device types and security requirements.
The security risk of IoT
According to a report from Comcast, every IoT device is a potential entry point for hackers to your data and a threat to your supply chain. Laptops, PCs, cell phones, tablets, network cameras and storage devices, and streaming video devices are most susceptible.
I wasn’t too worried about all of our IoT security risks until last night when I heard the news from Ukraine and our office started communicating. We have wonderful developers working on everything, but now what?
Perspectives on cyber-
A home faces approximately 104 threat attempts against its devices in an average month. In addition, most IoT devices have limited processing and storage capabilities, which makes it difficult to run antivirus, firewall, and other security programs on them.
As edge computing collects local data, it becomes a concentrated target for capable threat actors. Along with IoT hardware, ransomware can attack applications and data. For example, Check Point Research showed a 50% increase in average daily ransomware attacks in the third quarter of 2021 compared to the first half. The uptick is attributed to the pandemic.
Remote work trends and remote offices are increasing the incidence of IoT attacks. You must understand the threat landscape and up your game to help protect yourself.
Top dangers for IoT according to the US General Accounting Office (GAO):
- Intervention to the telephone line
- SQL injection (controls the database server of a web application)
- Wardriving (searching for WiFi networks by a person in a moving vehicle)
- Zero-day defects
Additionally, cybercriminals discuss vulnerabilities and attacks on the Dark Web and online forums, making some of the GAO’s attack tactics more complex.
Threat actors include hacktivists, criminal organizations, and nation-states. In addition to understanding threat vectors and attackers, it is critical to understand the following areas:
SEC Supply Chain Vulnerabilities:
By weaving networks and devices together, the exponential growth of IoT connections exacerbates supply chain vulnerabilities. Meanwhile, the increasing integration of endpoints and a rapidly expanding, poorly regulated attack surface threaten the IoT. By using IoT endpoints, hackers can crash websites by flooding them with traffic requests.
According to a 2017 survey by Altman Vilandrie & Company, more than half of US companies employing IoT have experienced cybersecurity breaches.
However, many more companies were probably victims but did not disclose it. ABFJournal stated: “Nearly half of US IoT companies have security breaches.” As of now, there are 44 billion IoT endpoints worldwide, with authorities expecting the number to triple by 2025 (“IoT Endpoints 2020: Push Industries and Use Cases”, i-scoop.EU).
In 2017, the “WannaCry” ransomware emerged.
WannaCry harmed governments, organizations and networks connected to IoT. The malware affected more than 100 countries and tens of thousands of IoT devices in May 2017.
The interaction between OT and IT operating systems, especially in critical infrastructure, is another security issue. Adversaries have improved their understanding of control systems and attack them with weaponized malware.
Security by design
The industrial internet of things and operational technologies have increased the attack surface. Energy infrastructure operators must employ “security by design”.
Energy infrastructure needs security by design, says Chuck Brooks, expert at GovCon (govconwire.com). Yet every cyberattack approach applies to the IoT, IT, and OT ecosystem.
You will need even more sophisticated security for all IoT endpoints in the future, and all individuals and businesses will want to be more vigilant.
The Cybersecurity Law:
The good news is that policymakers are finally getting it, but it’s too late. A new Cybersecurity Enhancement Act in Congress requires OEMs in areas including medical devices, automobiles, and critical infrastructure to design specific products to reduce susceptibility during operation.
The Cybersecurity Enhancement Act provides standards for IoT adoption and security vulnerability management. But as the last word goes, it has to be managed, and that means by people who know what they’re doing.
IoT cybersecurity solutions and services
Risk management is essential in any security situation, physical or digital. IoT incorporates both. Understanding the IoT landscape is critical to IoT cybersecurity.
It is the most excellent feeling to know how to secure your most valuable things. Furthermore, it is prudent to prevent and resolve security events and breaches. There is a range of solutions, services and standards to look at when a corporation or organization considers risk management architecture.
Below are measures and examples that the C-suite can employ to help resolve some IoT security issues. At a minimum, keep running this checklist.
- Use a proven IoT cybersecurity architecture, like NIST's, based on industry experience and best practices.
- Assess the security of all network devices (on-premises and remote)
- Plan for IoT/Cybersecurity incidents.
- Separate IoT devices to reduce attack surfaces.
- Protect your network and devices with security software, containers, and appliances.
- Detect and report threats
- Scan all software for network and application failures
- Update and fix network and device vulnerabilities
- Avoid integrating devices with default passwords and other known flaws.
- Enforce privileged access for devices and apps.
- Control access with strong authentication and biometrics.
One of the most important ways to help protect personal information and company information is to use connection protocols with automatic authentication.
You must encrypt data in transit for IoT. Use stronger firewalls and protected WiFi routers. In short, invest in multi-layered cybersecurity defenses, including antivirus.
Save all data.
Likewise, managed security and qualified consultants are available 24/7. Similarly, ask yourself the question: is your cloud security as a service secure?
Meanwhile, integrate emerging technologies like AI and ML (machine learning) to fight back. Plus, have reliable real-time auditing (including predictive analytics).
Above all, make sure all of your staff receive security training – EVERYONE, not just those you think are most important.
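Several of the checklist items above (separating IoT devices, avoiding default passwords, updating devices, and encrypting data in transit) can be checked mechanically against a device inventory. The following Python audit is an added example, not part of the original article; the inventory records, the IoT subnet, the plaintext protocol list and the firmware baselines are all constructed assumptions.

```python
import ipaddress

# Assumed policy values for this example (not from the article).
IOT_SEGMENTS = [ipaddress.ip_network("10.20.0.0/24")]    # dedicated IoT VLAN
PLAINTEXT_PROTOCOLS = {"telnet", "http", "ftp", "mqtt"}  # no transport encryption
MIN_FIRMWARE = {"camera": (2, 4, 0), "thermostat": (1, 9, 3)}

# Constructed inventory; in practice this comes from an asset database or scan export.
INVENTORY = [
    {"name": "lobby-cam", "type": "camera", "ip": "10.20.0.15",
     "firmware": "2.4.1", "default_password": False, "protocol": "https"},
    {"name": "dock-cam", "type": "camera", "ip": "192.168.1.40",
     "firmware": "2.3.9", "default_password": True, "protocol": "http"},
    {"name": "hvac-01", "type": "thermostat", "ip": "10.20.0.22",
     "firmware": "1.9.3", "default_password": False, "protocol": "mqtt"},
]

def parse_version(text):
    """Turn '2.3.9' into (2, 3, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev):
    """Return the list of checklist findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(dev["ip"])
    if not any(addr in net for net in IOT_SEGMENTS):
        findings.append("not-segmented")
    if dev["default_password"]:
        findings.append("default-password")
    if dev["protocol"].lower() in PLAINTEXT_PROTOCOLS:
        findings.append("plaintext-transport")
    minimum = MIN_FIRMWARE.get(dev["type"])
    if minimum is None:
        findings.append("no-firmware-baseline")
    elif parse_version(dev["firmware"]) < minimum:
        findings.append("outdated-firmware")
    return findings

def audit(inventory):
    """Map device name -> findings, keeping only devices that fail a check."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Devices of a type with no firmware baseline are reported rather than silently passed, so gaps in the policy itself show up in the audit.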
To be alert
Despite all efforts, there are no foolproof methods to safeguard IoT. It’s a great question. On the other hand, there are great results.
For example, higher efficiency. On the other hand, machine learning-enabled cybersecurity techniques will eventually drastically minimize intrusions.
Live the model “Prevention is better than cure”
However, in terms of IoT security (and any security), the “prevention is better than cure” cliché remains (and makes it one less target). In other words, a comprehensive risk management strategy to analyze and mitigate IoT risks can help close security gaps.
Therefore, all those linked should aim to improve their cybersecurity preparation. It’s like the proverbial fox in the chicken coop setting.
Don’t let an attack happen to you.