How IoT and Connected Devices Are Changing the Way We Think About Cybersecurity
By Nathan Sykes
Today's technology is connected and smart, or at the very least, it collects user and performance data. We now have smart locks and garage door openers, smart appliances, smart vehicles and even smart pet devices. On the enterprise side, we have Internet of Things (IoT) sensors for tracking goods and shipments and smart machinery in manufacturing.
With each new device connected to a network or the internet comes a significant increase in vulnerability. Gartner reports that an estimated 20.4 billion connected devices will be operating globally by 2020.
More Varied Attack Vectors
Each new device or piece of connected technology introduces not only a new platform ripe for attack, but also new channels.
Consider a smart IoT sensor, for example. The device itself is vulnerable, but so is the data that is being exchanged to and from said platform. Hackers could take control of the sensor or equipment to carry out nefarious actions or even blackmail the owner and its users. In addition, the data coming from the device could just as easily be stolen, manipulated or leveraged.
The IoT then poses many things and opportunities that are at risk for attack. There are a seemingly limitless number of new angles and methods the unscrupulous can use to their advantage.
Data Corruption and Seizure
Central to any connection is the transfer of data. It is continually flowing to and from various devices, machines and servers. At any given time, hackers could seize control of those data streams and use them to carry out many attacks.
For starters, many data-based platforms assume the information rolling in is authentic. What happens when hackers corrupt or manipulate the data, such as by hacking into a financial system and rerouting funds to a custom account as opposed to the one they're supposed to go toThis could theoretically be done by merely changing a few numbers.
In the case of live security feeds, what if an attacker tunes in to watch a user's movementsThis would then allow them to plan a burglary or break-in when said user is indisposed.
It then becomes essential to secure any data being streamed, as well as the transfer method itself. Data protection measures like encryption, network monitoring and authentication are necessary for safe operations. Consider some of the high-profile breaches that occurred over the last few years and the damage data alone caused. Companies like Equifax, Ashley Madison, Friend Finder Network, Yahoo, Twitter and many others all saw record losses.
Not all the changes are adverse. One incredibly beneficial thing that's happening in cybersecurity is the emergence of reliable automation. With the help of AI, machine learning, IoT equipment and a variety of connected technologies - cloud computing, for instance - it's now become possible to automate network security and maintenance fully.
What these systems enable are real-time, instant reactions to security threats. Furthermore, the systems are vigilant, always on and ready to take action, unlike humans, who may experience fatigue or even a loss of focus. It's also much less expensive to cover the costs associated with an automated system over an army of human workers.
Security From the Ground Up
Until more recently, security has always been a network-rooted issue. Proper authentication protocols, restrictive device use and private connections were the way to go. That's not to say outside factors never posed risks, but it was always about who you allowed access.
Today, it's been expanded to include device issues. In other words, what you allow access is as important as who.
At any given time a device could be connecting to the company network, compromising data and systems. It could be something as sophisticated as a laptop or smartphone or something as simple as a wearable device or fitness tracker.
Historically, it was easier for IT and security teams to restrict device and hardware usage on a network, primarily because they were in full control. Now, that's no longer the case, especially in BYOD environments. Networks and systems need to be designed from the ground up with proper security in mind. That means developing integrated solutions that can aid traditional security measures and factor in external devices like IoT hardware.
What are some solutions?
- Records must be kept of all data streams, devices and hardware on a network, as well as all the users connecting to the system.
- Sensitive data must be tracked at all times, and it must be clear where it's going, how it's being used and where it's being stored.
- Employees and personnel must be trained and educated on following security protocols.
- Multifactor authentication and advanced encryption should be used to protect unauthorized access.
- Proper security controls should be implemented that allows IT and security teams - or partners - to take action when there's an issue.
Fundamentally, organizations should be prioritizing network and data security at all times.