IoT devices can become attack vectors for hackers to gain access to enterprise networks, and recent fore scout research shows businesses need to be aware of this and put adequate security measures in place.
“Initially, leaders viewed the IoT as a silver bullet, a technology that can solve the myriad IT and business problems that their organizations faced. Very quickly, though, they recognized that without the proper framing of the problems, the IoT was essentially a solution looking for a problem.” – Mark Hung, Gartner Research Vice President
A lot of new exciting technologies are launching every day, which is fueling growth in the Internet of Things (IoT) more than it was imagined a few years back. A recent study shows that IoT hardware, software, and services will generate an additional $34B in revenue by 2020. Kearney predicts there will be a $1.9T productivity improvement and $177B in cost reductions driven by IoT and realized by customers.
The rise of IoT connected devices leading to the rise in IoT app development comes with the concerns of Security Challenges.
What are the threats to IoT devices for enterprise employees?
Security risks arise as enterprises start to deploy IoT devices for the business and as employees bring those devices into the corporate network. While some of the industries have just started to introduce IoT into their business, the industrial sector has been using IoT for quite a sometime.
“They’re the IoT hipster” – Dave Lewis, global security advocate at Akamai.
It’s very crucial that their data is accurate and the system remains up running, for which they need to make sure their IoT devices remain safe and secure.
Let’s look at what all threats do enterprise might be facing regarding their IoT devices.
“The pace of innovation has generated requirements for millions of devices, most network (primarily wireless) connected in some capacity. Unfortunately, most of these devices have little or no protection at the software and infrastructure levels.” -Earl Perkins, Gartner Research Vice President
“The pace of innovation has generated requirements for millions of devices, most network (primarily wireless) connected in some capacity. Unfortunately, most of these devices have little or no protection at the software and infrastructure levels.”
Earl Perkins, Gartner Research Vice President
1. Domain Name Systems (DNS) attacks to enterprise infrastructure
Through Domain Name Systems, attackers or hijackers can hijack the domain. In order to prevent cybercriminals from using IoT devices to poison the DNS attacks, small businesses or enterprises need to maintain and patch their servers and invest in proper DNS to scale down the threats to attackers or hijackers.
DNS poisoning generally occurs when one of the caches is compromised. Like, if the cache on a network router is compromised, then anyone using it can be directed to a fraudulent website. Then the false DNS records trickle down to the DNS caches on each user’s machine.
2. Employees personal devices into the workplace
You will be securing the enterprise devices but what to do with the personal devices employees bring to the workplace? Wouldn’t that trigger a threat to the IoT infrastructure? Devices like Fitbits, smartwatches, iWatches, and other IoT devices. With this, you as an enterprise need to make sure no confidential data is getting leaked or no security breach is happening.
To save their own selves from the security breach, it is suggestible for the enterprises to keep Wi-Fi networks separate for employees’ devices as well as guest use.
3. The software gives itself too many permissions
Enterprises need to be diligent about carefully reviewing both the IoT software they are creating and deploying on their networks. At times IoT apps do give themselves too many permissions and it can open the gate for the attackers or hijackers. You might end up breaching your own security and data.
It is up to the enterprises, to which all software should be given the permission to be installed, and which needs to be scrapped. They should have their parameters to check and understand the software, whether it will leak the data or not.
4. The legality of Storing IoT data
Are you allowed to save and store all the data you have just created or fetched from some sources? You need to have legal clearance for that. Like for an example, you are in the healthcare industry, the patients’ data you have been managing, it’s very much subject to privacy regulations. You will need patients’ consent as well to share it somewhere.
Organizations and enterprises need to work with their legal departments to ensure that the data they have been storing, is not running afoul of data retention laws.
5. An inflow in the volume of data
When small firms or enterprises invest in IoT, it usually comes with a sudden inflow in data – which is being produced or collected. Before deploying IoT devices, enterprises should take care of few points: “Will the network be able to handle the volume of data they are to produce? Where would they store the data?”
Don’t get into a denial mode after receiving issues with data flow or get stuck with it, start planning from the initial phase only.
“Attackers are using IoT for lateral movement. They go through these devices in a network and try to reach an entry point or a segment of the network with valuable information. That east-west lateral movement is the most difficult. Cyberattackers are taking advantage of the vulnerable nature of the IoT devices to pivot or propagate within the network.”
Jonathan Langer, CEO of IoT security company Medigate.
How to alleviate IoT Security Threats?
IT and security teams should recommend device security setting to enable and review their network access and storage settings from time to time. It would allow them to go over and personalize their security for rigorous implementation of data according to the enterprise’s business requirements – in consideration of the need for Compliance with Legal Mandates and International Regulations related to data privacy and protection.
Employees should be requested to inform the IT department, as and when they find any unusual activity happening in their device or network or the device is lost or stolen.
Why do enterprises need to secure IoT devices?
A culture of security awareness is of particular importance in environments which include employees’ personal device as well as the enterprise’s infrastructure.Twitter It requires greater attention to the personal
devices coming in at the workplace. Because allowing the use of personal devices will open up the organization’s network security at risks like vulnerabilities and malware. Enterprises might fail to see the problems in the initial phase but in a long duration, it’s a real-life business risk, which might end up harming the company’s integrity.
As it’s a rise in IoT devices, hackers are looking more and more interestingly to exploit. A successful IoT security plan can be drawn by building multiple layers of security. In a blended computing environment like this, enterprises need to consider taking on a data-focused approach to security. Twitter IT departments would need to deal with both security and resource issues.