/jul 30, 2015

Smart Devices Pose Many Challenges to IoT Security — Is Your Company Up to the Challenge?

By Pierluigi Paganini

Internet of Things—IoT securityInternet of Things (IoT) devices are everywhere, and they're not going away any time soon: Experts at Cisco speculate that in 2020 there will be more than 50 billion connected devices, including wearable health, connected vehicles and smart grids. And the paradigm set by the ever-present gadgets has significantly changed society's perception of technology, with almost every sector adopting IoT devices to improve user experience and deliver high-quality service.

But what about IoT security? These systems are able to gather and share huge quantities of sensitive data, which raises serious concerns. And most of the time, IoT devices are not designed with cybersecurity in mind; the software they run could be easily hacked, and associated data traffic could be compromised — causing unexpected alteration of the systems' behavior. As such, it's important that your firm takes all the necessary steps to keep all systems and data safe.

Take a look at the state of IoT security, and learn what you can do to prevent a hack or breach.

The State of IoT Security

Although nearly every industry has adopted an IoT infrastructure, few have given adequate attention to security. And with criminals increasingly interested in the IoT, any gaps in security can serve as open doors that allow for the abuse of sensitive data.

In a white paper entitled "The Internet of Things Poses Cybersecurity Risk," Veracode researchers analyzed the security of so-called "always-on consumer IoT devices." These are Internet-enabled devices that have a significant capability to interact with the physical environment around them (e.g., hardware sensors or peer devices). Their findings were disconcerting, to say the least.

Consumers are constantly exposed to cyberattacks and physical intrusions due to the use of a wide range of available IoT devices, such as remote-controlled garage doors and central control devices for home automation sensors. And because these devices are inherently insecure (and their users are often unaware of any impending threats), they're easy prey for hackers. Users must be aware that the improper use of smart devices could expose them to a wide range of threats, including data theft and sabotage.

Ensuring Device Security

As detailed in an article for Papers.Ink, there are five major elements to smart device development that can help manufacturers ensure security: secure booting, access control, device authentication, firewalling and IPS, and updates and patches. Beyond that, however, security must be addressed throughout the entire lifecycle of every smart object, from the initial design to the operational environment.

While manufacturers are responsible for the security of their products, organizations and end users should not blindly deploy smart objects, assuming they're completely secure. Every organization must have a clear idea of its surface of attack. Make it a point to identify any IoT devices in your organization, and examine the data they manage and how they manage it.

IoT security requires a new and innovative approach to cybersecurity. Firms today cannot simply migrate classic concepts of network security for this new generation of smart devices. It's only through time, research and evolution that security professionals can truly understand the possible threats and define proper measures to reduce the risks of exposure.

Want to learn more about the IoT threatscape? Start with Veracode's white paper or listen to the authors discuss the paper in a live-streaming videocast.

Photo Source: BigStock

Related Posts

By Pierluigi Paganini

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, Editor-in-Chief at "Cyber Defense Magazine," a member of the DarkReading Editorial team, and a regular contributor for major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, and The Hacker News Magazine.