IoT security analysis: Are your IoT devices secure?
The world of IoT encompasses a wide variety of technologies, vendors and connectivity methods. Although the first things that come to mind when we think of this new technology are cameras, smart kitchen appliances or smart locks, IoT devices are prevalent across industries.
IoT provides numerous benefits, including increased operational efficiency, improved customer experiences, better business decisions, and worker protection. For the organization looking to adopt IoT to any degree, security challenges must be overcome using more than typical network security solutions alone. Given the inherently insecure nature of the IoT space due to the lack of industry standards, new security complications arise. As with any new technology that enables digital transformation, the IoT objective must include strategies that align the technology with the enterprise’s current cybersecurity systems and policies.
What are the IoT security vulnerabilities?
The rush to meet the growing demand for IoT devices is resulting in favoring functionality over security. Unprotected, connected devices are vulnerable to botnet and distributed denial of service (DDoS) attacks.
A Trustwave report notes that only 28% of organizations consider IoT-specific security strategies as “very important.” Alan Mihalic, founder and president of the IoT Security Institute, says that despite the number of IoT devices, most are not secure.
The IoT attack surface
Because securing IoT devices requires real-time authentication and authorization, complexity increases, providing opportunities for bad actors to carry out many types of attacks. Whether it’s man-in-the-middle (MitM) attacks, leveraging stolen login credentials, impersonation or cloning, or encryption attacks targeting key algorithms, a hacker’s arsenal is well stocked.
But at its most basic level, compromising a device is much simpler than most people think. Unfortunately, the most common user ID/password combinations are support/support, admin/admin and default/default. For many devices, security is an afterthought.
Simply changing a device’s default password can go a long way toward paving the way for a robust IoT solution.
How common are IoT attacks?
IoT attacks are frequent and increasing. In the first half of 2019, honeypots set up by antivirus vendor Kaspersky detected approximately 105 million attacks launched from 276,000 IP addresses on IoT endpoints. Compared to the first six months of 2018, attacks increased ninefold, up from 12 million a year earlier.
Attack targets go far beyond the enterprise. Major areas of attack include smart cities, critical infrastructure and Industry 4.0 environments.
How can you start securing your IoT environment?
IoT devices require security that adapts to different connectivity models and device types. redborder recommends an active rather than a reactive cybersecurity approach to protect IoT ecosystems. redborder’s traffic analysis tools will provide valuable information that can be used by threat intelligence services. Like other analytics, IoT device data is collected, monitored, aggregated and normalized to provide actionable alerts and reports when abnormal activity is detected.
redborder can help with this journey to make it safer for an enterprise to innovate.