How will IoT security differ from mobile security, and to what extent will IoT be more damaging to security policies than BYOD?
The security risks of IoT are related to the risks mobility and BYOD bring: letting employees, partners or customers connect to a network with non-secure devices can grant an outsider access to the business, and result in the company being the target of an attack, or being the vector of an attack for another target.
But, although BYOD security is an issue, it’s a known entity and it’s manageable to a degree: it’s either going to be a phone, laptop or tablet.
IoT, however, could be anything from an employee’s t-shirt to the kitchen kettle, which is far more complex.
Furthermore, when security is incorporated by the manufacturer it’s difficult for the purchaser to ensure that the product has the level of security they expect.
Mobile device makers are highly experienced when it comes to securing their devices. IoT makers? Not so much.
The manufacturers and developers of connected devices, from fridges and rubbish bins to cars and watches, aren’t security specialists. They aren’t thinking about creating secure products or services that can be protected from cyber attacks or used as a vector.
As such these connected devices aren’t secure by design, with very low levels of security or no security at all – and are exposed to all the dangers of the Internet.
As the use of IoT devices grows, how will security requirements change, and what are the biggest security threats that the IoT poses? What IoT use cases present the biggest security concerns to the enterprise?
IoT devices are brand new targets and routes in for cyber-security attacks.
They could be used for anything from DDoS attacks from within the network, DNS tunnelling and data exfiltration – to botnets for distributed attacks and ransomware with encryption forced onto devices.
Enterprises will need to be mindful of this and careful of how they use these devices. The level of security on typical IoT devices – light bulbs, thermostats, smoke detectors – will never be good enough for what’s required from them.
The cost of implementing a good level of security on cheap IoT devices will, unfortunately, never be financially viable.
IT security departments will have to have a serious look at insider threats, as more connected ‘things’ are able to serve as a target or a vector of attack from the inside of the network.
Data exfiltration will be one of the biggest issues with IoT security, as these devices will all be connected to the internal network, but also communicating with the external world – it’s a massive opportunity for anyone looking to steal corporate data.
Employees even need to be aware of the risks of connecting IoT devices to their home and other networks, as the threat of an attack is multiplied.
Companies also need to consider issues with business continuity.
If all ‘connected’ objects are paralysed due to a security breach – doors, cameras, computers, printers etc – much of the business cannot function. Any IoT security measures will need to be proactive, not reactive.
How can businesses go about drawing up guidelines to protect consumer privacy in the IoT age, and do organisations need to design security into the Internet of Things from the ground up? How can they do this?
Security attacks can have disastrous consequences for a business – but if organisations work more collaboratively, with external partners and employees, the impact can be minimised.
Both manufacturers and enterprises have a responsibility to ensure security is part of any IoT device. Remember the case when IP security cameras were used as botnets for a DDoS attack?
As IoT brings new channels for cyber-attacks, IT departments will have to rethink their security strategies to suit the new threats. What was efficient in the past to protect businesses and their data is no longer suitable in the age of IoT.
Organisations cannot rely on existing security solutions, and instead have to deploy an up-to-date solution that can easily adapt to new and changing threats.
This explains why new adaptive security solutions – that can understand strange behaviours and mitigate attacks even before the real source is identified – have been released in the last few months.
How will the IoT influence the cyber security landscape in the next 5 years?
The insider threat landscape will increase dramatically as more and more devices are connected to corporate networks.
In a world governed by data, multi-connected businesses – and their IT departments – need to ensure their online tools are secure enough, and that they have the correct systems in place to protect against any form of threat.
Recent news stories demonstrate that legacy security solutions are not ready for the new techniques hackers are using.
Even the regulators are sitting up and noticing; GDPR, a regulation intended to unify data protection in the EU, will come into effect in 2018 – and, similarly, Privacy Shield in the US.
No longer are cyber attacks and data protection just IT problems; they’re business-wide problems.
Sourced by Hervé Dhélin, worldwide marketing director at EfficientIP