26th June 2017
Top tips for acing IoT cyber security
How to maximise Internet of Things cyber security for your business
As the BBC's Jane Wakefield explains, “The Internet of Things is about connecting previously dumb objects, such as light bulbs and cameras, to the network”. While it is useful to have everyday objects implanted with software and sensors that make them “smart” and help them to gain and share sensitive data, a major problem is presented by IT security.
This is especially salient where the Internet of Things (IoT) is used on a large scale by businesses that hold a vast amount of private data for their customers, such as bank details and passwords. And, as the news keeps telling us, catastrophes occur once these so-called sophisticated systems are targeted by hackers and other cyber security threats.
Switch2IT works with a variety of organisations, including those in the construction industry and education sector. In his article for ZDNet, Conner Forrest offers some great advice for such businesses looking to take their IT security in hand. Here are the key points:
1. Ends justify means
Be aware that whenever a new endpoint device – such as a desktop PC, smartphone or printer – is introduced into a network, this brings with it another entry point that could be vulnerable to cybercriminals…
"IoT devices are likely to be built by numerous manufacturers, on multiple open source and proprietary operating systems, and have various levels of computing power, storage, and network throughput," President and Chief Information Risk Strategist at IP Architects, John Pironti, wrote in an ISACA paper. "Each IoT endpoint will need to be identified and profiled, added to an asset inventory, and monitored for their health and safety."
2. Manage devices to an IoT
Make sure you understand the IoT devices present in your business and the purpose of each. Gartner Research Vice President Earl Perkins recognises this can be tough, so he suggests that businesses should put asset discovery, tracking, and management solutions into practice at the start of each IoT project.
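The identify, profile and inventory steps from points 1 and 2 can be checked by reconciling the asset inventory against what a discovery scan actually sees on the network. The sketch below is an added example, not code from the ZDNet article or from Switch2IT; the `Asset` fields, function names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    mac: str
    name: str
    purpose: str  # why the device exists in the business
    owner: str    # who is responsible for it

def normalise_mac(mac):
    """Canonical lower-case, colon-separated form so inventory and scan data compare equal."""
    digits = mac.lower().replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(inventory, discovered):
    """Compare inventory (Asset objects) with (mac, ip) pairs from a discovery scan."""
    known = {normalise_mac(a.mac): a for a in inventory}
    seen = {normalise_mac(mac): ip for mac, ip in discovered}
    return {
        # On the network but never profiled: an unmanaged entry point.
        "unknown": sorted((mac, ip) for mac, ip in seen.items() if mac not in known),
        # Inventoried but not seen: removed, offline or moved.
        "missing": sorted(a.name for mac, a in known.items() if mac not in seen),
        # Inventoried without a recorded purpose or owner: not yet profiled.
        "unprofiled": sorted(a.name for a in known.values()
                             if not a.purpose or not a.owner),
    }

# Constructed sample data: documentation MAC and IP ranges, made-up device names.
INVENTORY = [
    Asset("00:00:5E:00:53:01", "lobby-camera", "site security", "facilities"),
    Asset("00-00-5e-00-53-02", "office-printer", "printing", "it"),
    Asset("00:00:5e:00:53:03", "meeting-room-display", "", ""),
]
DISCOVERED = [
    ("00:00:5e:00:53:01", "192.0.2.10"),
    ("00:00:5E:00:53:03", "192.0.2.12"),
    ("00:00:5e:00:53:7f", "192.0.2.99"),
]

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, DISCOVERED).items():
        print(f"{finding}: {items}")
```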
3. Cyber vs physical
According to Perkins, IoT deployments consist of a physical aspect (the connected device and its setup) and a cyber aspect (data collection and use). While the cyber part can be addressed by maintaining good cyber security, the physical part is more complex, maintains the Gartner research bod: "Knowing when and how you must secure the physical element is going to be a major focus for many data-centric IT organisations, and usually requires engineers to assist."
4. Patches for the win
Forrester Research Senior Analyst Merritt Maxim believes that when considering the implementation of IoT devices, the scope for patching is a deal-breaker: "This is important, not just for security purposes, but there may be other business requirements where the code needs to be changed over time… some devices may have limited ability to actually do patching, or the patching may involve multiple user steps and may be more complex than users are able to do successfully."
As reported in our Own Goal for Cloud Computing article, the CTO of IBM Resilient described IoT security as a unique problem because manufacturers have produced many devices that are insecure and cannot be effectively patched.
5. Prepare for the worst
According to Perkins, businesses should favour a risk-driven strategy, which prioritises critical assets in the IoT infrastructure. That is, business owners and their IT managers should always assign the greatest value and risk to given assets and secure them accordingly in order to mitigate any potential issues that could lead to a data privacy breach or decrease in productivity.
6. Test and evaluate
It is advisable to carry out penetration testing or device evaluation of the hardware and / or software before IoT devices are deployed, according to Maxim: "These devices can have vulnerabilities, and you need to understand what they are before you put them out there in the hands of the public or your users."
Just recently, the UK press has reported an influx of home router hacks. This suggests that manufacturers of technology and the IT security industry need to up their games to stop the supply of poorly written software for devices and equipment such as routers. Switch2IT believes that regulation for products already in the marketplace would be a positive step towards nipping this particular IoT cyber security threat in the bud.
7. Be password savvy
Make sure you update the password on all IoT devices as soon as possible after installation. Default passwords supplied by vendors are not safe where wily hackers are concerned.
According to Forrester Research brain Maxim: "Hackers can be aware of what that password is, and they can then use that to gain control of the device… Passwords continue to be the weakest link, and that's really no different in the IoT case."
8. Be data driven
You must understand how an IoT device interacts with data in order to make it secure. Look at data generated by your business’s devices to familiarise yourself with it and arm yourself to spot anomalies.
According to Pironti’s report, business owners should also be cautious of their IoT devices using non-public personal information (NPPI) or personally identifiable information (PII): "This data has the potential to be used by adversaries to gain intelligence about an individual or organisation as well as itself being vulnerable to exploitation."
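One way to turn "familiarise yourself with the data and spot anomalies" into a routine check is to keep a per-device baseline and flag readings that sit far outside it. This is an added example, not taken from the article or from Pironti's report; the metric (KB sent per hour), the threshold of 3.5 and the device names are assumptions, and the sample readings are constructed.

```python
from statistics import median

def mad_outliers(baseline, observed, threshold=3.5):
    """Return (index, value, score) for observed readings far from the baseline.

    Uses the modified z-score 0.6745 * (x - median) / MAD, which is not
    distorted by the outliers themselves the way mean and standard deviation are.
    """
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    if mad == 0:
        # Perfectly flat baseline: any deviation at all is an anomaly.
        return [(i, x, float("inf")) for i, x in enumerate(observed) if x != med]
    flagged = []
    for i, x in enumerate(observed):
        score = 0.6745 * (x - med) / mad
        if abs(score) > threshold:
            flagged.append((i, x, round(score, 1)))
    return flagged

def flag_devices(history, today):
    """Map device name -> outliers, for devices with at least one anomalous reading."""
    findings = {}
    for device, readings in today.items():
        if device not in history:
            # No baseline means the device was never profiled; report every reading.
            findings[device] = [(i, x, float("inf")) for i, x in enumerate(readings)]
            continue
        outliers = mad_outliers(history[device], readings)
        if outliers:
            findings[device] = outliers
    return findings

# Constructed sample telemetry: KB sent per hour by each device.
HISTORY = {
    "thermostat-1": [118, 121, 119, 122, 120, 117, 123, 120],
    "lobby-camera": [900, 950, 1010, 880, 990, 940, 1020, 960],
}
TODAY = {
    "thermostat-1": [119, 124, 121, 4800, 118],  # one hour of unusually heavy upload
    "lobby-camera": [930, 1000, 1100],
}

if __name__ == "__main__":
    for device, outliers in flag_devices(HISTORY, TODAY).items():
        print(device, outliers)
```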
9. Cutting-edge encryption
Make sure you rely on the strongest and latest available encryption for data moving to and from your business’s IoT devices. You should also employ a strategy that will help future-proof your business against potential cyber security threats.
As reported in our article Unsure about IT security? Switch2IT will switch on the lights: “The Internet Society has taken a clear stance on the utility of encryption as a fundamental building block for security and for trust: it should become the norm for Internet communication and governments should not undermine encryption and secure communication tools and technologies”.
10. Up identity-level control
With IoT, multiple users can connect to a single device, meaning the IT security emphasis must be at an identity level rather than at a device level. This means authentication, specifically two-factor authentication, is the way forward for cyber security best practice in order to protect businesses from vulnerabilities presented by IoT devices as part of shared networks.
Switch2IT for a smart IoT strategy today
While the Internet of Things opens up myriad opportunities for UK businesses, it brings a boat-load of potential IT security issues. In order to keep your business on track and keep cyber security threats at bay, Switch2IT offers a range of professional technical support services from managed service IT contracts to suit your exacting needs to computer system backup strategies that will keep your business data highly secure. To set your smart IoT strategy in motion, either request an online quote or talk to a member of our team today on: 0800 0833416.