The Internet of Things (IoT) refers to the billions of physical devices around the world that are connected to the internet, all collecting and sharing data. As technology continues to advance, anything can be turned into part of the IoT. Worldwide spending on the IoT reached $749 billion in 2020 and is predicted to overtake the trillion-dollar mark in 2022. [1] We can now do things deemed impossible decades ago, but there are a few downsides to digitising everything. The more devices are connected to the internet, the more attractive their data becomes to cybercriminals (through ransomware, for example). This is why it is crucial to protect IoT devices so as not to fall victim to cybercrime.
Why is IoT security so important?
There have already been many cases of IoT devices being hacked after criminals searched for IoT security vulnerabilities and found them. Some businesses have even had their industrial robots, and the equipment connected to them, hacked. Hackers who gain access are able to alter control-loop parameters, tamper with production logic, alter the robot’s state, and much more. A group of researchers decided to demonstrate how much damage a hacked robot can actually do. They found vulnerabilities in the robotic arm’s system and were able to program the robot to cause millions of dollars’ worth of damage to the products it was manufacturing. [2]
Cybercriminals will stop at nothing, even hacking medical equipment. An example of this was the WannaCry ransomware attack on the NHS in 2017, which affected computers, MRI scanners, and operating theatre equipment, and put many lives at risk. [3] This is why IoT device security is crucial.
Ways to improve IoT security
IoT security wasn’t really taken seriously until recently, after many hacking attacks resulted in catastrophic consequences. Since IoT security vulnerabilities are like a welcome sign to hackers, many IoT security measures are now being taken to close security holes and prevent security breaches at the device level, nipping the problem in the bud before it has time to wreak havoc. Here are some IoT security best practices businesses can adopt to protect their devices.
Change default passwords
This initial step to improving IoT security may seem quite obvious, but there are businesses that forget to change the passwords they were originally given. Once the passwords have been updated, they should be changed regularly. A business can even set up forced password changes after a certain amount of time has elapsed to ensure accounts are properly protected. A password vault can be used to protect the passwords, so that employees don’t end up writing them down. This closes off one route that cybercriminals could otherwise use to enter the network and obtain sensitive information.
Make sure the software is protected
Devices connected to the IoT can be secured by implementing active security measures in their software. Providing security measures such as password protection for accessing the software is one of the ways to safeguard devices from potential attacks. It is also important not to let IoT devices initiate network connections on their own: critical data could end up being leaked if programs aren’t placed behind firewalls or restricted in what they can do. Any devices, and the software installed on them, need to be checked on a regular basis to ensure there are no threats lurking and that no security gaps have formed. Keeping software up-to-date is imperative in the fight against IoT security risks.
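One way to check that devices are not initiating connections on their own is to compare outbound flow records against a per-device allowlist. The following is an added example, not code from the original article or from any product it mentions; the device names, addresses, policy and log format are all constructed for illustration.

```python
import ipaddress

# Hypothetical egress policy: the only (address, port) pairs each device may contact.
EGRESS_ALLOWLIST = {
    "cam-01": {("10.0.5.10", 443)},
    "sensor-07": {("10.0.5.20", 8883)},
}

# Constructed flow records: "timestamp device direction dst_ip dst_port".
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z cam-01 out 10.0.5.10 443
2024-01-10T08:00:07Z cam-01 out 203.0.113.50 23
2024-01-10T08:01:12Z sensor-07 out 10.0.5.20 8883
2024-01-10T08:02:30Z sensor-07 in 10.0.5.20 8883
2024-01-10T08:03:44Z printer-02 out 198.51.100.9 80
"""


def parse_flow(line):
    """Parse one record; raises ValueError on a malformed line."""
    _ts, device, direction, dst_ip, dst_port = line.split()
    ipaddress.ip_address(dst_ip)  # validates the address
    return device, direction, dst_ip, int(dst_port)


def find_violations(log_text, allowlist):
    """Return (device, dst_ip, dst_port, reason) for each disallowed outbound flow."""
    violations = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            device, direction, dst_ip, dst_port = parse_flow(line)
        except ValueError:
            violations.append((None, None, None, "unparseable record"))
            continue
        if direction != "out":
            continue  # only device-initiated connections are in scope
        allowed = allowlist.get(device)
        if allowed is None:
            violations.append((device, dst_ip, dst_port, "device has no egress policy"))
        elif (dst_ip, dst_port) not in allowed:
            violations.append((device, dst_ip, dst_port, "destination not in allowlist"))
    return violations


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS, EGRESS_ALLOWLIST):
        print(v)
```

A device with no policy entry is reported rather than ignored, so newly connected hardware shows up until someone decides what it is allowed to reach.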
Defend against IoT identity spoofing
Hackers have become, and continue to become, cleverer over the years, which is a serious problem for IoT security. Many disguise their computers as trustworthy devices, meaning that businesses must verify the identity of the IoT devices they connect with to make sure they are legitimate. By simply accepting all connections, the business is at high risk of being spoofed or hacked, and once criminals have found their way into the network, it can be hard to get rid of them.
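One way to verify a device's identity before accepting its connection is a challenge-response check against a key provisioned on that device. This is an added example, not code from the original article; it assumes each device holds a unique pre-shared key, and the class, function and device names are hypothetical.

```python
import hashlib
import hmac
import secrets


class DeviceVerifier:
    """Server side: accepts a device only if it proves knowledge of its own key."""

    def __init__(self, device_keys):
        self._keys = dict(device_keys)  # device_id -> provisioned secret key
        self._pending = {}              # device_id -> outstanding nonce

    def issue_challenge(self, device_id):
        # A fresh random nonce per attempt means an old response cannot be reused.
        nonce = secrets.token_bytes(32)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        nonce = self._pending.pop(device_id, None)  # each nonce is single-use
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False  # no outstanding challenge, or unknown device
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def device_respond(key, device_id, nonce):
    """Device side: bind the response to both the device's identity and the nonce."""
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    keys = {"sensor-07": secrets.token_bytes(32)}  # constructed sample key
    verifier = DeviceVerifier(keys)
    nonce = verifier.issue_challenge("sensor-07")
    answer = device_respond(keys["sensor-07"], "sensor-07", nonce)
    print("genuine device accepted:", verifier.verify("sensor-07", answer))
    print("replayed answer accepted:", verifier.verify("sensor-07", answer))
```

Mutual TLS with per-device certificates gives the same guarantee without a shared secret on the server, where the devices support it.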
Use encrypted protocols
Very few devices use encrypted communications as part of their initial configuration. They are more likely to use normal web protocols that communicate in plain text, which makes it easy for hackers to observe them and spot weaknesses. This is why it is crucial for all web traffic to use HTTPS, Transport Layer Security (TLS), Secure File Transfer Protocol (SFTP), DNS Security Extensions, and other secure protocols when communicating over the internet. Devices that connect to mobile apps should also use encrypted protocols, and data stored on flash drives should be encrypted as an IoT security measure. Only by encrypting data can you be sure that malware hasn’t infected the device.
The ALSO IoT Platform helps ALSO partners and their customers to join the ever-expanding world of IoT. This solution contains the aforementioned complete device management, allowing the user to control which device can access which data, and prevent unauthorised access.
[1] https://www.statista.com/statistics/668996/worldwide-expenditures-for-the-internet-of-things/
[2] https://www.wired.com/2017/05/watch-hackers-sabotage-factory-robot-arm-afar/
[3] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack