Guest Contributor: Nina Pineda, Consultant, Pod Group
The internet of things is on the rise, helping organizations digitally transform their businesses and propel them into the future; its integration across labor-intensive industries is evolving their operations and strategies. It is also changing human behavior as we know it, as IoT takes control of our homes, the workforce and soon the world. Simply put, IoT can be considered the next industrial revolution.
This all looks promising, but with all the devices using IoT technology, those connected to a network are exposed to cybersecurity attacks. These attacks may sabotage operations and render establishments ineffective, costing businesses millions of dollars. To address this, we need to come up with an IoT solution that standardizes and institutionalizes defense mechanisms on a worldwide level.
Protection from DDoS Attacks
Botnets are one of the security risks in IoT, and cybercriminals try to exploit them through Distributed Denial of Service (DDoS) attacks. Web access is crucial for organizations in today’s economy, and the need for the internet is becoming more pertinent with the integration of mobile, Software as a Service (SaaS) and cloud technologies into businesses. This makes it open season for attackers to hit anybody connected to the internet. The good news is that DDoS has been a threat for quite some time now, which has allowed the industry to find ways to defend against DDoS attacks.
Update Your Passwords
Passwords are your first defense against hackers and data thieves, so one of the critical security steps to take is to ban default passwords. You don’t have to create your own passwords, since tools are now available that create strong passwords for you. But if you do it yourself, there are some guidelines to follow:
- Don’t use identical passwords across different accounts
- Don’t include personal details
- Don’t use dictionary words
- Avoid repetition or numbers and letters in sequence
- Include special characters or symbols
- Prefer long passwords since a brute force attack can easily break one with seven or fewer characters
- Try using a password created using the first letter of each word in a song title or phrase that’s easy to remember
- Write them down on paper and store in a secure location
- Use a password manager
- Change weak passwords and update them regularly
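Several of the guidelines above can be checked automatically. The following Python code is an added example, not part of the original article; the small word list, the 8-character minimum (derived from the note on seven or fewer characters) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# or a breached-password list.
SAMPLE_WORDS = {"password", "admin", "welcome", "dragon", "monkey", "camera"}
MIN_LENGTH = 8  # seven or fewer characters is called out as easy to brute force
# Undo common character substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("@0135$", "aoiess")


def has_sequence(pw, run=3):
    """True if pw contains `run` repeated characters or a run like abc / 321."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, personal=(), other_passwords=()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw in other_passwords:
        problems.append("reused on another account")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal detail")
    if any(word in lowered.translate(LEET) for word in SAMPLE_WORDS):
        problems.append("contains dictionary word")
    if has_sequence(lowered):
        problems.append("repeated or sequential characters")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    return problems


def initials_from_phrase(phrase):
    """Build a password from the first character of each word in a phrase."""
    return "".join(word[0] for word in phrase.split())


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("admin", "P@ssw0rd123!",
                      initials_from_phrase("My first camera cost 40 dollars & broke in May!")):
        print(candidate, "->", check_password(candidate) or "ok")
```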
Ban Internet Auto-Connection
Make sure all your IoT devices are set up so that they don’t automatically connect to Wi-Fi hotspots, particularly in public places. Hackers have found flaws in standard WPA2 protocols that allow them to steal information from users connected to public Wi-Fi.
Include Security in the Buying Process
It is essential to weigh the risk IoT products may pose against their value before making your purchase. For instance, if you’re thinking of hooking up a refrigerator, you must know this might not be a good idea since the inherent risk of connecting your fridge to a network doesn’t justify its value.
You need to recognize that every connected device is a computer that potentially has vulnerabilities, so you have to decide if its IoT connection is worth the risk. And if it is, you must consider the security of the device prior to purchasing. Conduct thorough research and look through its product history for flaws and how fast they have been patched.
Carefully Examine the Documentation
Most of us are guilty of skipping this, but it is crucial to peruse the terms and conditions of a product carefully. This will give you the needed awareness of how the device gathers data, which can help you identify vulnerabilities.
Perform Endpoint Hardening to Beef Up Security
There will be times when your IoT devices are operating unobserved. This represents a vulnerability, so it is prudent to make your device tamper-proof by taking preventive steps to keep hackers from stealing your data through botnets.
To achieve endpoint hardening, various layers should be put in place so potential hackers would have to get through a number of defenses to penetrate your system. Make sure you address all known vulnerabilities, from unencrypted transfers to your ports.
Update All Devices Upon Release
Manufacturers frequently release bug fixes, and these would immediately show up on your IoT network. It’s always smart to update to the latest version of your device’s software to bolster security. If a couple of months go by without any software updates, you should start being concerned and find out if the manufacturer has gone out of business. If this happens, it means your device’s security is no longer maintained and will eventually be compromised.
Create a Partition for Your IoT Devices
If possible, use a separate network that’s exclusive for your IoT presence. Make sure you set up a firewall to defend it while proactively monitoring its activity. By doing this, you will be able to block the risks inherent to IoT from your primary systems.
Harden Your Network
Now that you’ve dedicated a separate network to IoT, it is crucial to implement the proper defenses to ward off threats. You will need robust access control mechanisms in place with a meticulously designed user authentication process to prevent intrusion.
As previously mentioned, you should use complex passwords that are long enough to render brute force efforts ineffective. Also, two-factor (2FA) and multi-factor (MFA) authentication should be used to add a step beyond the standard password, usually a code sent to a mobile device.
You may also include an adaptive or context-aware authentication process that takes advantage of machine learning to regularly assess threats in a way that does not affect the user experience. Lastly, you can use encryption to secure protocols in the system.
The internet of things is well on its way to being the focal point of the next industrial revolution. The technology is set to change economic and social structures drastically, but along with this evolution come the attempts of unscrupulous individuals to exploit it for personal gain. The only way to protect yourself is to take the necessary security measures, so you can reap all the benefits IoT can offer.