The Internet of Things (IoT) is going from strength to strength, with global spending on the industry set to reach over US$1 trillion by 2021. Consumer electronics get a lot of airtime when it comes to IoT but this broad and diversified grouping forms only the fourth largest segment of the market. Manufacturing, transportation and utilities all take larger slices of this growing technical pie. There are many ways the IoT is becoming incorporated into business operations, and plenty of trends to follow. Unfortunately, the combination of new, internet-connected technology and rapid growth has created a range of security vulnerabilities. Because the IoT is relatively new there is no standardisation across platforms. While there are efforts being made to bring manufacturers on board with wide ranging certifications and standard practices, there is speculation that the regulatory horse may have bolted.
So how can you factor in IoT technology into your business and actively defend against cyber security threats? This article will discuss some of the known threats and weaknesses that comes with IoT-connected devices in relation to the current trends and uses for the technology in business. If you’re not sure how to take advantage of the tech, consult with trusted IT professionals to get the best advice on how to connect IoT devices to your networks securely.
Unauthorised devices on company networks
When employees bring in IoT devices to use in the workplace but don’t tell the IT department about them, they unknowingly create a significant security risk for the business. The so-called shadow devices are being connected to company networks with no vetting or oversight from tech support. Shadow devices are typically personal wearable health trackers, personal assistants like Google Home, smart TVs, cameras and appliances like kettles and microwaves. In some cases, the devices have been bought as company purchases, without understanding the security implications.
Why are they a threat for your business? A lot of smart devices use default passwords, and many of these cannot be altered. Like software that hasn’t been updated, IoT devices may have old versions of code with known weaknesses. Once these standard passwords or weaknesses are found and published online, it is easy for hackers to ‘break in’ to the devices and use them as gateways into otherwise secure networks.
Mass deployment of devices and hijacking
Your business may need significant numbers of IoT devices, particularly if your work requires sensors or cameras. What’s the risk? When known vulnerabilities exist, hackers can take control of huge amounts of devices and direct them to undertake massive scale attacks on other websites and servers. The Mirai botnet attack is a well-known example. This concentrated mobilisation of computing power was used to take down gaming servers through DDoS attacks, but ultimately, after the botnet codes were made public, they caused major websites such as Twitter, Spotify, Amazon, Reddit and the New York Times to go offline for hours. Iterations of this botnet are still being used today. Why does this trouble your business? While hackers have control of your devices, you cannot operate them, losing time and money in the process. In addition, you may suffer follow-on security weaknesses.
Risks associated with rapid growth and IoT deployment
As discussed above, the deployment of IoT-connected devices in industrial processes and office-based roles has been swift, deep and shows no sign of slowing down. Part of the attraction is that these devices are relatively user-friendly and simple to implement. This speed of integration can place significant pressure on IT teams. There may be some lag time between installation and security processes coming online, and this is particularly acute if the devices are not approved in the first place (shadow devices). There will necessarily be increases in spending on training, building new architecture and programming.
Maximising usage and unexpected costs
If your business is considering implementing IoT technology, research the total costs of doing so. The initial cost per device may be attractive, but there can be additional costs. As mentioned above, the IT department will need significant investment in upskilling to provide support for the new tech. There will be increased staff support requirements and possibly a lag in productivity while teething problems are worked out. In addition to this, the specific digital security strategy for these devices will need to be created and implemented to protect against attack. If this security cannot be funded or maintained, you may need to use risk minimisation strategies and disengage the devices until it can be.
Operational blind spots can develop when deploying IoT devices
Sometimes, the sudden realisation of the potential of IoT devices can override security concerns. In some industries, security concerns may not even register in the rush to take advantage of new methods of data collection and transmission. The medical industry is a fantastic example of this. Many wearable monitoring devices such as halter heart monitors are now connected to the internet. This is a boon for medical staff as results can be collected in real time and emergencies broadcast instantly. Many health organisations have little focus on testing or maintaining the security of these devices. However, like any other industry, these devices and the networks they connect to are vulnerable to hijacking and use as backdoors into very sensitive data storage banks.
The potential of the Internet of Things cannot be overstated. There are wide-ranging benefits for almost every industry. Positive movement and taking advantage of new technology is a must, but so is maintaining a secure digital environment for your business. You should have both.
About Mustard IT, your Internet of Things partner
Mustard IT provide the design, build, installation and maintenance of secure IT servers and networks, and IoT-related installation and security processes. Our trusted team are experienced able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.