Dealing with the endpoint security weaknesses of the Internet of Things
From vending machines that can autonomously send in refill orders to standalone surveillance cameras, the IoT is showing dramatic growth, and some authorities expect that by 2025 there may be over 75 billion IoT devices in use worldwide. Unfortunately, this poses a great challenge for endpoint and network security monitoring practices, as the exponential growth of the IoT will also vastly increase the number of possible directions from which a network’s security can be compromised.
The challenge of endpoint security and the IoT
The primary challenge involving the IoT is twofold. First, the vast increase in the number of network-enabled devices widens the range of possible avenues of attack. Secondly, because many devices that are part of the IoT are themselves vulnerable, they may provide hackers with an easy route to launch an attack on an otherwise secured network.
Perhaps the best example of these two factors was the 2016 Mirai Botnet incident. In this case, a botnet took over DVRs and IP camera systems, before making use of them to launch Distributed Denial of Service (DDoS) attacks against a variety of targets. Importantly, most of these devices were not owned or under the control of the targeted companies, making it impossible to directly address the source of the attack. For this reason, more IoT-based attacks should be expected in the future.
In addition, even those IoT devices that are owned by the organisation in question can be a source of danger. Because they are already authorised parts of the organisation’s network, a compromised IoT device can provide an open road for those who wish to exploit any security vulnerabilities. This is especially true as many companies are less than diligent about updating their devices to plug new security vulnerabilities. In some cases, devices that are no longer supported by their manufacturer will no longer be updated at all, making them increasingly vulnerable as time goes on.
Protecting your security from the IoT
Protecting an organisation’s security from an IoT-based attack requires the following policies to be put in place:
Always evaluate any IoT endpoints within the organisation. It is vital to ensure that any devices have been updated to the most recent software and that the staff is aware of any recently discovered security flaws. Only those devices from companies that provide regular firmware updates should be purchased for use. Those IoT devices that are no longer receiving firmware updates from their manufacturer should be immediately removed.
Be prepared for a growing number of external attacks. As the size of the IoT continues to grow, the number of attacks will also continue to grow. The control point for all endpoints should be kept up to date, whether it is a firewall or a router.
Implement policies for internal and external IoT-based attacks. These policies should include plans for dealing with outages due to DDoS attacks, localising the source of any attacks and reputation management strategies to mitigate the outcome of any service outage.
Isolate mission-vital networks. By limiting the access to mission-vital networks, you can prevent compromised IoT devices from posing a threat. For example, creating a separate network with a lower level of access for non-critical devices can help reduce the danger of a security breach.
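One way to check a device inventory against the update, end-of-support and isolation policies above, as an added example that is not part of the original article. The network ranges, device names, versions, dates and field names are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# Assumed layout (constructed): one mission-vital segment, one lower-access IoT segment.
CRITICAL_NETS = [ip_network("10.10.0.0/24")]
IOT_NET = ip_network("10.50.0.0/24")

@dataclass
class Device:
    name: str
    ip: str
    firmware: str       # installed version, dotted numeric
    latest: str         # newest version the vendor has published
    support_ends: date  # vendor's end-of-support date

def _ver(text):
    # Compare versions numerically so that 1.10.2 sorts above 1.9.0.
    return tuple(int(part) for part in text.split("."))

def audit(device, today):
    """Return the policy findings for one device (empty list = compliant)."""
    findings = []
    if device.support_ends < today:
        findings.append("unsupported by vendor: remove")
    elif _ver(device.firmware) < _ver(device.latest):
        findings.append("firmware out of date: update")
    addr = ip_address(device.ip)
    if any(addr in net for net in CRITICAL_NETS):
        findings.append("on mission-vital segment: move to IoT segment")
    elif addr not in IOT_NET:
        findings.append("outside IoT segment: review placement")
    return findings

def audit_inventory(devices, today):
    """Map device name -> findings, listing only devices that need action."""
    report = {d.name: audit(d, today) for d in devices}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory, not real devices.
INVENTORY = [
    Device("lobby-camera", "10.50.0.21", "2.4.1", "2.4.1", date(2030, 1, 1)),
    Device("vending-01", "10.50.0.35", "1.9.0", "1.10.2", date(2028, 6, 30)),
    Device("dvr-archive", "10.10.0.77", "3.0.0", "3.0.0", date(2021, 12, 31)),
]

if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY, date(2025, 1, 1)).items():
        print(f"{name}: {'; '.join(found)}")
```

The audit date is passed in rather than read from the clock, so the same inventory can be re-checked against a future date to see which devices will fall out of vendor support.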
Invest in a skilled staff
One of the most important measures is to maintain a skilled and well-funded IT security department. Given the continually evolving nature of the IoT, only a flexible and skilled security policy will adequately protect the organisation’s networks and data. Most importantly, a well-trained staff will be able to engage potential security threats in a proactive manner, plugging points of vulnerability before they can be exploited.
Ultimately, the dangers posed by the IoT are just another example of how modern security threats continue to evolve and change. Because of this, only a flexible and well-supported security policy can effectively ensure an organisation’s network security.