IoT security: risks and solutionsRosario
Internet of Things (IoT) is a term used to describe a system of interconnected computing devices that use the Internet to send and receive data without requiring person-to-device or person-to-person coordination.
IoT has broad applications that provide numerous benefits including increased operational efficiency, better customer experiences, improved business decisions and better labor protection. But security challenges must be overcome using more than typical network security solutions alone.
Al igual que cualquier nueva tecnología que permite la transformación digital, el objetivo de IoT debe incluir estrategias que alineen la tecnología con los sistemas y políticas de ciberseguridad actuales de la empresa.
What are the IoT security vulnerabilities?
The use of IoT is expanding by leaps and bounds. According to research published in May 2020 by Transforma Insights, by the end of 2019, 7.6 billion IoT devices were active. By 2030, the number is expected to increase to 24.1 billion.
The rush to meet the growing demand for IoT devices is resulting in favoring functionality over security. Connected and unprotected devices are vulnerable to botnet and distributed denial of service (DDoS) attacks.
Despite plans to adopt these devices in greater numbers, a Trustwave report notes that only 28 percent of organizations view IoT-specific security strategies as “very important.”
Alan Mihalic, founder and president of the IoT Security Institute, says that despite the incredible number of IoT devices, most are not secure:
“IoT devices provide an easy and attractive entry point for criminals looking to break into an organization’s network.”
The IoT attack surface
A look at the sheer number of devices possible in the production environment gives us a window into the magnitude of threat possibilities.
Because securing IoT devices requires real-time authentication and authorization, the complexity increases, providing opportunities for bad actors to carry out many types of attacks. Whether it’s man-in-the-middle (MitM) attacks, leveraging stolen login credentials, impersonation or cloning, or encryption attacks targeting key algorithms, a hacker’s arsenal is well stocked.
But at its most basic level, IoT security is not built from the ground up. Compromising a device is much simpler than most people think. Unfortunately, the most common user ID/password combinations are: support/support, admin/admin and default/default. Simply changing a device’s default password can go a long way toward paving the way for a robust IoT solution.
How common are IoT attacks?
In the first half of 2019, honeypots set up by antivirus vendor Kaspersky detected approximately 105 million attacks launched from 276,000 IP addresses on IoT endpoints. Compared to the first six months of 2018, attacks increased ninefold, up from 12 million a year earlier.
Attack targets go far beyond the enterprise. Major areas of attack include smart cities, critical infrastructure and Industry 4.0 environments.
What are the key IoT security technologies?
When breaking down the key areas of IoT security, there are five essential security controls to consider:
1. IoT network security.
This is about protecting and securing the network that connects IoT devices to the Internet. The sheer number of devices, combined with the complexity of communication protocols, make IoT network security a primary concern within IoT networks.
2. IoT authentication
The mechanism by which users authenticate an IoT device that may include multiple users on a device (such as a connected car). Mechanisms range from a static password or PIN to more robust authentication mechanisms such as multi-factor authentication (MFA), biometrics and digital certificates.
3. IoT encryption
Communication channels between peripheral devices and back-end systems require encryption technologies to be implemented on various IoT device hardware platforms. As such, data integrity is maintained and hackers attempting to intercept data are thwarted.
4. IoT Public Key Infrastructure (PKI)
Provides full X.509 digital certificate, cryptographic key and lifecycle capabilities, including public/private key generation, distribution, management and revocation.
With PKI, digital certificates can be securely loaded into devices at the time of manufacture. Not only that, but they can be enabled at the point of development, providing a means for effective PKI implementation on a large number of IoT devices at the critical deployment stage.
5. IoT security analytics
Like other analytics, IoT device data is collected, monitored, aggregated and normalized to provide actionable alerts and reports when abnormal activity is detected. Recently, analytics has leveraged artificial intelligence, machine learning and more sophisticated big data to help with predictive modeling and reduce false positives.
How can you start securing your IoT environment?
IoT devices require security that accommodates different connectivity models and device types. Redborder recommends a multi-layered approach to protect the data, application, network and endpoint layers with a threat management layer covering each of these components. While there is no prescribed best practice when it comes to securing the IoT, redborder has developed a customized cybersecurity solution specialized in complex networks, making it more secure and enabling the enterprise to innovate.