Internet of Things (IoT) refers to the billions of specialized physical devices around the world that are now connected to the Internet. Collecting and sharing data, these interrelated computing devices have unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Challenges of IoT security
Although designed to simplify our lives, IoT devices bring with them a number of cybersecurity risks and IoT security has become a hot topic after a number of high-profile incidents where a common IoT device was used to infiltrate and attack a larger network.
So here’s the question: How do we allow billions of “things” to connect to the Internet and each other, opening them up to serious vulnerabilities, until we can properly protect them?
The simple answer is – we can’t. Implementing effective security measures is critical to ensuring the safety of networks with IoT devices connected to them.
Addressing IoT security challenges
1. Get visibility into your IoT assets and continuously monitor them for risk
The very first step in securing IoT is knowing what’s connected. This includes using a device identification and discovery tool that automatically and continuously detects, profiles, and classifies what’s on the network, maintaining a real-time inventory of devices. Obtain relevant risk insights for each of these asset classes by continuously monitoring across attack vectors. By following industry best practices and adopting leading-edge solutions, you can understand, manage, and secure your complete asset inventory, including IoT.
2. Employ good cyber-hygiene and educate employees and device admins/owners
It is imperative to avoid hardcoded or default passwords and educate device admins on this. Limit the ability of IoT devices to initiate network connections; instead, only connect to them using network firewalls and access control lists which will limit attackers’ ability to move laterally within the network. Segment by assigning policies and separating assets, which also stops the threat from moving laterally, as assets are classified and grouped together.
3. Maintain a separate network
One strategy that is gaining some traction is the idea of separate networks. The FBI has recommended that owners of IoT devices isolate this equipment (smart TVs, smart appliances, smart security systems, and so on) on a separate Wi-Fi network, different from the one they’re using for their primary devices, such as laptops, desktops, or smartphones.
The reasoning behind this is simple. By keeping all of the IoT equipment on a separate network, any compromise of a “smart” device will prevent the attacker from having a direct route to the user’s primary devices where most sensitive data is stored. Also, jumping across the two networks will require considerable effort from the attacker.
4. Use honeypots
Internet honeypots are another strategy being used to secure IoT. These are decoy programs that look legitimate but are specifically designed to trap intruders who are trying to attack a system. During the process, the attackers are stealthily observed, without the intruder’s knowledge.
Information which is collected through the honeypot can be sent to a sandbox for automated analysis. This makes it possible to preempt attacks, collect and assess malware targeting IoT devices, and take quick remediation actions.
Kaspersky reports that its honeypots detected 105 million attacks on IoT devices in H1 2019 coming from 276,000 unique IP addresses (as compared with 12 million attacks coming from 69,000 IP addresses in H1 2018) – an alarming 7x increase. With IoT risks growing faster than IoT deployments, increasingly unfavorable risk-reward numbers will inevitably begin to limit IoT growth unless device security is improved industry-wide.
The bottom line for IoT Security
IoT devices are increasingly being used in our personal lives as well as in the enterprise and they are here to stay. The more variations of IoT devices we see out there, the more complex IoT security problems are arising. Cyberattacks on IoT devices are booming, as even though more and more people and organizations are purchasing ‘smart’ (network-connected and interactive) devices, such as routers or DVR security cameras, not everybody considers them worth protecting. Cybercriminals, however, are seeing more and more financial opportunities in exploiting such gadgets. The use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions are also increasing. If we want our devices smart, we need them to be secure as well.