While much has been written about IoT and its promise of creating real business value, what has been underestimated thus far are the associated risks – the extent of the security challenges posed by IoT, and how best to sidestep them.
In its recent publication, Top Strategic Predictions for 2017 And Beyond: Surviving the Storm Winds of Digital Disruption (summarized on Forbes here), Gartner predicted $2.5 million per minute in IoT spending – and 1 million new IoT devices sold every hour – by 2021.
Perhaps more to the point: By 2020, it is predicted that no fewer than 7.5 billion IoT devices will be installed in corporate organizations. This rapid and exponential growth of IoT within corporate environments creates an increased threat – with hackers finding new ways to use the devices toward malicious ends.
Top 5 Misconceptions of IoT Network and Device Security, our recently released eBook, puts into sharper focus some of the dangers associated with widespread IoT adoption and outlines several important ways to mitigate the threat.
Securing Basic Needs – Like Car Safety and Medical Treatment
The dangers of IoT apply to a shocking range of new and nightmarish scenarios both in and out of the office. For example, with cars transformed from the simple machines they once were into a network of computers, cybersecurity threats can potentially have a direct impact on the safety of our roads. This was illustrated somewhat starkly back in 2013 when security experts Chris Valasek and Charlie Miller hacked into both a Toyota Prius and a Ford Escape, cutting the brakes and uncontrollably blasting the horn among other things. More recently, in 2015, they hacked into a Cherokee Jeep and cut the transmission.
Similarly, the integration of smart devices into the healthcare system creates the dire possibility of remote manipulation of medical equipment. Healthcare facilities are now potentially vulnerable to a terrifying scenario in which hackers adjust treatments, such as the dosage of antibiotics or chemotherapy given to patients, or wipe out x-rays and alter digital medical records. This Forbes article illustrates the extent of the security problem.
These types of problems apply within corporate environments as well, and clearly, we do not have the luxury of ignoring the threat. And just to make the outlook even more bleak: According to a report called Rise of the Machines: The Dyn Attack Was Just a Practice Run by researchers James Scott and Drew Spaniel, increased regulation of IoT device manufacturing in the U.S. is unlikely to lower the degree of vulnerability.
So What Can We Do?
Our eBook highlights five areas of common IT practice or user activity that require greater vigilance – as well as the adoption of alternative practices – in order to reduce a company’s degree of vulnerability:
- Granting all-access passes to IoT devices that are plugged into your corporate network is certainly not wise, as these devices potentially represent the greatest risk to your network – and they should be forced to a defined segment of the business network
- Corporate users are bringing their own IoT devices to work and connecting them to the network without realizing that this creates a security risk, and IT must adapt to this reality
- Appliances require firmware patch updates on a very regular and timely basis, otherwise they create network vulnerabilities
- Connecting a POS to the same network segment as a PC makes a hacker's life that much easier
- The default settings on IoT devices are not good enough, security-wise, and it’s essential that corporate users make at least basic adjustments – such as changing default passwords
A First Essential Step toward Safer IoT – Visibility
A holistic solution such as Portnox’s next-gen network visibility and access control management solution provides you with 100% actionable visibility into managed devices, BYOD, and IoT in real time, so that you have the information you need on an ongoing basis and can address vulnerabilities before they become security threats.
The Portnox approach identifies all authorized and unauthorized devices, and gives you a greater degree of anytime, anywhere control over user activities – providing a faster, better, more sophisticated approach to network security that meets the increased challenges presented by IoT.