getty
The Internet of Things can open up significant time savings and convenience for both businesses and consumers through connectivity and data exchange. Still, with enhanced sharing comes increased risk. As more IoT devices become standard in organizations and homes, more doors open for malicious actors to compromise systems and steal valuable data.
To protect themselves, companies and consumers must be aware of the inherent risk factors and the most effective mitigation strategies. Below, members of Forbes Technology Council share smart steps both users and builders of IoT technology can take to improve network and platform security.
1. Regularly Check And Update Installed Applications
Different IoT solutions will require various communication networks. Therefore, it’s important to look at the applications that drive those IoT solutions. The applications installed on IoT solutions need to be checked regularly, and keeping applications updated is essential to minimize cyber risk on IoT solutions. - Abdulla Al-Attas, PLUS Malaysia Berhad
2. Develop A Company Culture Focused On Security
Make security a part of your employee culture. Security is traditionally delegated to the security team within an organization. However, security is everyone’s responsibility. There are simple things that one can do daily, from not sharing passwords to enforcing policies for workers to swipe their badges when entering a door. - Sam Joseph, Hakimo
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Carefully Evaluate Your IoT Vendors
Don’t forget to consider the entire ecosystem of solutions. Evaluate the security capabilities and responsibilities of your IoT product and services vendors, making sure to establish clear lines of accountability and, in worst-case scenarios, liability. - Mohan Koo, Dtex Systems
4. Limit The Data Service Devices And SIM Cards Can Access
Block or limit telecommunication services (such as voice and SMS services) at the network level to prevent attacks that misuse these services. A good security catch-all is a network firewall that limits the data service a device or SIM card can access so it is only able to send traffic to a specific IP address range. This limits the device’s or SIM card’s data service solely to the application’s purpose. - Martin Giess, EMnify
5. Set Up Network Segmentation
IoT can refer to consumer devices or connected industrial systems. In both cases, network segmentation is the way to prevent adversarial lateral movement. There is no reason why a smart teapot or Wi-Fi lightbulb should be able to connect to your work laptop. And an internet-connected desktop should not have access to the operating controls of a water treatment plant or an oil pipeline. Stay safe! - Ilia Sotnikov, Netwrix
6. Maintain An Accurate Device Inventory And Test Frequently
All IoT devices are vulnerable—it’s just a matter of degree. Home-use devices are terribly insecure, and many enterprise devices are only as secure as the vendor’s implementation. True IoT devices (such as M2M and sensors) can’t always support authentication and full crypto. Organizations should keep an accurate inventory, engage in frequent testing and, for LAN-based devices, establish segmentation. - Jennifer Minella, Carolina Advanced Digital
7. Patch Zealously
Basic blocking and tackling is always the most important thing with security. Patch—patch with near-religious zeal. Estimates vary on how many security breaches are due to vulnerabilities that could have been patched. Patching is like having a “Beware of Dog” sign in your front yard. It won’t keep every burglar out, but it will inspire the less determined and capable to move on to a different house. - Kevin Parikh, Avasant
8. Beware Of Invisible Implants And Keep A Backup Device
Make sure that you do not rely only on L2 and up security. IoT devices can be exploited for use as an attack vehicle, so you need to make sure that you do not have any invisible implants or spoofing devices. You may also want to keep one device as a backup or “golden reference” in case things go wrong and you need to run through IR or forensics or recover from a physical ransomware attack. - Bentsi Benatar, Sepio Systems
9. Build In Security And Functional Updates
Producers of IoT technology should build in the ability to push security and functional updates to the device. Make this part of the sustainment model. Users of IoT technology should conduct proactive, periodic patching as part of the long-term operational model. Further, isolate IoT devices on different network segments to contain incidents. - Peter Gregory, GCI Communications
10. Don’t Trust Endpoint Devices
Physical access to endpoint devices renders any other security measures weak. IoT, by nature, requires devices to be installed in the field with no or limited guarantees as to their physical security. Do not trust data or the authenticity of data coming from the endpoints—fully isolate and sanitize the part of the platform interacting with them to prevent access escalation and data breach/loss. - Tishampati Dhar, Aerometrex LTD.
11. Consider The Human Factor
Take an inventory of all devices and proactively secure them all. Then look beyond the devices. Consider applications embedded in the devices and ways to secure them. Finally, consider how humans and their interactions may create additional vulnerabilities, and think about how to prevent them. - Olga V. Mack, Parley Pro
12. Avoid Over-Sharing
Many IoT platforms try to use their internet connections as a means of sharing connectivity with other devices or within their ecosystem. This tendency is riddled with ethical and logistical problems. IoT, by definition, is about the “thing” it’s performing, not the connection it inherently needs. Zero trust should be applied here, and the connection should be inaccessible. - Tom Roberto, Core Technology Solutions
13. Create A Comprehensive Security Architecture
For IoT to truly be successful and not act as a severe security risk, it is paramount to achieve comprehensive security architectures rather than disparate security frameworks for the various components within an architecture. Extending security to platforms and enacting granular packet analysis or zero-trust access can revolutionize the adoption of IoT. - Marc Fischer, Dogtown Media LLC
14. Protect IoT Devices With SSL Certificates
Just as we protect websites using SSL certificates, it makes sense to protect IoT devices with certificates. It helps secure devices against malicious use. When we bind identity to hardware, a device can authenticate connections, encrypt data and verify any APIs being executed on it. - David Moise, Decide Consulting
15. Set Up Weekly Security Audit Tools
To protect the security of IoT platforms, use weekly security audit tools that inform you of any security issues and risks as well as their severity. To protect IoT networks, ensure that all IoT devices are IEC 62443 compliant. Conduct regular security reviews and penetration testing to ensure network devices are not vulnerable, and prepare a risk-assessment matrix for IoT platform applications and network devices. - Nikhil Pachhandara, OPTOFIDELITY
16. Add Automated Anomaly Detection
The implementation of a user and entity behavior analytics solution is paramount for improving security. The attack footprint is continuously increasing, and attack methods are evolving, so there will never be enough hands to handle all security incidents. Anomaly detection that learns the normal behavior of each entity and identifies any unusual or suspicious activity is the first step in successfully managing incidents. - Spiros Liolis, Micro Focus
Check out my website.