The first step in understanding the need for Cyber Security Solutions in the context of the IoT is to understand what the IoT actually is. Simply put, it is connecting different Internet-enabled devices over the Internet. Not just smart devices like desktops, laptops, and smartphones, but devices not normally thought of as network devices like fridges, cookers and entire manufacturing production equipment.
The IoT environment will be very large, dwarfing the current Internet network. Some estimates put the number of connected devices as high as 100 Billion by 2020.
IoT will affect all areas of life, running through professional and personal services to manufacturing to the way we interact with our environment.
Examples can already be found in transport where fly-by-wire aircraft are increasingly common. Driverless vehicles are in an advanced state of development. Many manufacturing companies use fog computing and IoT to automate the existing manufacturing process without increasing the load on their central networks. Buildings can now be automated with remote management to simulate occupancy while the residents are absent and to reduce utility consumption and cost.
What are the dangers of IoT?
One aspect that many observers are giving deep thought to is cybersecurity. Cyber Security Solutions specific to the IoT are going to be vital. The effects of malware attacking an electronically managed aircraft or vehicle can be catastrophic. Damaging the equipment managing business processes can be equally devastating.
Unfortunately, there seems right now to be a bit of a blind spot in the need for Cyber Security Solutions tailored to the IoT, and a lack of awareness in the business community.
It is self-evident that the IoT creates business opportunities, but unfortunately, it is not only for legitimate purposes but also for cybercriminals. Because of the poor focus on Cyber Security Solutions for IoT devices, they are extremely vulnerable to hacking and other exploits. Indeed, AT&T has reported a 3000% increase in the last three years in attackers attempting exploits against IoT devices.
What can be done to increase cybersecurity in an IoT environment?
Plan Thoroughly and Take it Seriously
The first and most important step is to take cybersecurity in an IoT environment seriously, just as you do in a regular network environment. Draw up a security plan for the IoT environment and ensure that your IoT kit is managed and secured properly.
Because you can never be sure exactly what devices are going to make up your IoT environment, create policies that regulate Bring Your Own Device (BYOD). If you are an employer, make sure that you also have a policy setting out what employees can and cannot do in respect of IoT.
In principle, isolate your IoT network from other networks in your business, so if things go wrong they are limited to the IoT environment and your other business systems can continue to operate. Some specifics:
- Change all default passwords. A common failing with software is to leave the default passwords in place. Replace the defaults with strong passwords and change them regularly.
- Don’t broadcast your wireless network SSID. Keep it hidden from prying eyes.
- Use automatic update facilities on the IoT network. Schedule regular checks and manual updates for devices that do not have automatic software and firmware refresh capability.
Implement a security policy
- Implementing a policy setting out a regular programme of activities to make sure that all countermeasures are in place and valid. The policy should also include the activities needed to remedy any errors.
- Carry out incident tests to check security regularly. Security audits can also be useful.
- Backup, backup, backup. Do this regularly to secure locations. Take multiple copies to different locations, some offsite. It won’t be the first time that backups have proved unusable, so check them regularly by restoring them to a dummy network.
User Awareness and Education
It has been demonstrated by the FBI among others that the greatest threat to cybersecurity sits between the keyboard and the chairback. More cyber threats arise through user errors and omissions than from any other cause. You need to have your users understand why and how to recognise and avoid malware in standard networks and in an IoT environment:
- Education should start at induction and be regularly reinforced during employment. Have a newsletter for example.
- Education should cover what malware and credential theft are, how to recognise it, both electronically and by impersonation. Users must be able to understand what information is being collected by the devices in your regular and IoT networks and why.
- What to do if the suspect they have encountered malware or an attempt to steal user credentials.
Simply put, security in an IoT environment is as essential at that of a regular network environment. Indeed, when looking at some applications, for example, aircraft, driverless vehicles, and some manufacturing processes, it is vital to ensure that these IoT systems cannot be tampered with.