IoT security: 5 challenges and how to overcome them
At this year’s Mobile World Congress in Barcelona, the IoT was very much at the front and center of the event, from smart and connected cars to new industry partnerships delivering IoT solutions to the introduction of new infrastructure to power the IoT. However, talk about IoT security was noticeably missing, according to Naked Security. Though many of the new announcements illustrated just how prevalent the IoT is becoming today, particularly in the mobile enterprise space, there are still many security challenges to overcome.
According to a recent Akamai report, unsecured IoT devices continue to drive a large portion of distributed denial-of-service (DDoS) attacks. In fact, seven of the 12 largest attacks in Q4 2016 can be attributed to the Mirai IoT botnet that took down Twitter, Netflix and other massive cloud service providers. When it comes to the IoT in the enterprise, businesses should consider the following when developing a sound strategy:
1. Employee-owned IoT devices
Inevitably, employees are going to bring their own IoT devices, such as Fitbits and smartwatches into the office, which are nearly impossible to track and secure. More often than not, employees have not taken the proper measure to secure those devices themselves, and if connected to the corporate network, a security breach is inevitable. To mitigate the risk, businesses should educate employees and set up a separate wifi network.
2. Domain name systems (DNS)
Cybercriminals are increasingly targeting DNS systems to hijack devices and user credentials to get access to sensitive corporate data or render devices useless. To prevent this, businesses must make sure DNS servers are maintained with the latest patches and deploy infrastructure that can scale to handle any spikes in workload activity.
3. Exposed APIs
At the heart of the IoT are APIs that connect devices and systems to one another, creating a wider threat landscape for cybercriminals. Businesses must ensure the APIs they’re using are well-documented and controlled to thwart potential attacks.
4. Data explosion
By adding more and more devices than ever to the network, the volume of data created and collected becomes enormous and increasingly difficult to handle and store securely, leaving it vulnerable to attackers. Before implementing the IoT, businesses must make sure they have the proper infrastructure in place that can scale to handle that data securely and legally.
5. Wider threat landscape
With so many more devices connected to the network, cybercriminals have a wider footprint to launch phishing, DDoS, ransomware, IoT botnet (or “thingnet”) and spyware attacks. Enterprises not only need to deploy proper infrastructure and network security software, but they also must educate employees about how to detect potentially malicious activity.
Though companies are rapidly bringing more and more connected devices into the corporate network, IoT security should be top of mind.