3 Security Steps Every IoT-Using Business Should Take Right Away
Here are the steps that every business with IoT devices should take right away.
Ever since IoT devices started to make inroads into businesses and homes all over the world, they've been plagued with security problems both large and small. Everything from smart thermostats to smart speakers has seen their share of issues, and the problems extend all the way up to some big-name vendors. In short, nobody's been safe.
As IoT technology starts to gain more traction in business environments, the dangers are only going to grow. There's already mounting evidence that it's starting to happen. According to a recent survey of businesses who have already started rolling out IoT devices into their networks, the vast majority have already suffered attacks – many of them successful.
For IoT to live up to its vast potential, something has to give. For right now though, it's incumbent on IoT device owners to take matters into their own hands when it comes to security. For businesses, that requires some careful planning and swift action to make sure their devices don't become a liability. Here are the steps that every business with IoT devices should take right away.
Hire an IoT Security Manager
The first step for businesses to mount an effective defense against the vulnerabilities of their IoT devices (and those that will join them soon) is to hire a dedicated IT security analyst to put in charge of their efforts. It's not enough to simply task existing IT staff with getting the job done. That's because IoT devices pose some unique challenges for network administrators and the complexity of the work demands strict, full-time attention.
The person put in charge of IoT security should have a background in both general cybersecurity and enterprise networking, so they'll be able to grasp the full picture of what they're dealing with. They should also have decision making authority over which new devices are allowed onto the business network and how they're provisioned. Having a single point person handling the job decreases the odds that a vulnerable device will slip through the cracks, which is one of the biggest ongoing risks for large IoT deployments.
Segregate IoT Devices From Mission-Critical Systems
To facilitate easier device management and control and to lower the risk of having a minor exploit turn into a network-wide breach, the second step is to segregate IoT devices from other network resources and systems. Creating a dedicated network for IoT technologies and limiting (or eliminating) pathways from it onto the main business network is one of the most effective ways to prevent an attacker from using an IoT device to steal data or harm important systems.
It's a lesson that a US casino has already learned the hard way after an attacker exploited the sensors in an internet-connected fish tank to exfiltrate 10 gigabytes of sensitive customer data. Had the device been connected to a hardened and isolated network, such an attack would have been impossible. If nothing else, it's an object lesson in how even a benign IoT system can cause grievous damage to a business if not properly secured.
Invest in Endpoint Security Solutions
Since a sizable number of IoT devices have glaring security flaws, the third step businesses should take is to invest in a 3rd-party endpoint security solution to protect their hardware. Multiple vendors are now coming to market with products that can handle the job. One, from Dell-backed startup VDOO, even provides for a security agent that can run on a variety of IoT device platforms.
Such solutions not only add an extra layer of defenses to potentially vulnerable devices but also allow for increased visibility of what those devices do on the network. When it comes to IoT, visibility is the key to security because it's near-impossible to maintain total control of every network-attached device in en ecosystem that's always in flux. It also makes it possible for network administrators to spot attacks that get by the security measures in enough time to take action to eliminate the threat.
A Secure Start
As IoT adoption accelerates, it's important for businesses who are deploying the technology to undertake these steps to get their IoT initiatives off to a secure start. As with other internet technologies, though, there are no guarantees. Even after creating the correct processes and infrastructure to secure IoT assets, it's still possible to fall victim to an attack.
That's why the final – and most important – step is for decision makers and administrators to remain hyper-vigilant about which IoT technologies they bring into the fold and how they're integrated. It's a job that IoT vendors won't do for them, and one that could have serious repercussions if mishandled. Hopefully, IoT technology will soon mature to include reliable native security, but until then, every IoT user's on their own.