IoT Will Change (Almost) Everything In Cybersecurity

Uploaded on 2017-06-27 in TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The Internet of Things is growing fast, with an estimated 8.4 billion devices expected to be connected this year. 

As a result of that rapid expansion, the IoT is reshaping the way in which we think about corporate cyber-security by increasing the attack surface, potentially adding billions of network points of entry for cyber-criminals, each one an additional target to be compromised. 

Gartner put security at the top of its list of the top 10 IoT technologies for 2017 and 2018, and recent research validates the high priority of cybersecurity and connected things among businesses. One recent survey at Black Hat USA 2016 revealed 70 percent of IT experts who responded indicated that their organisation wasn't prepared for IoT-related threats.

While these statistics are real, there also exists a great deal of hype in the market, painting a grave portrait of the IoT and its unique requirements as the grim reaper for businesses. IoT security is a real concern, with open-source cyber-threats like Mirai already showing its potential, but businesses shouldn't believe every scary tale they hear. An attack on any one endpoint doesn't necessarily have to mean all systems are compromised or crippled.

Organisations looking to build or adopt connected devices should educate themselves on how additional endpoints change their threat-scape, and should seek to address a few key questions:

What New Vulnerabilities Is the IoT Creating for the Network? 

New vulnerabilities are created not just by the expansion of entry points, but by the nature of those entry points. Some of the more common vulnerabilities and concerns that businesses need to prepare for include:

• Insecure Web interfaces: "Internet" is in the name, so step one of IoT security is to make certain the connections themselves are secure. 
• Insecure endpoints: Each endpoint is open to an attack, so any that aren't equipped with antivirus software could be infected with malware, opening up the gates to the rest of the network. Businesses will need to keep a watchful eye on how endpoints are behaving and interacting with the rest of the network. 
• Mobile interfaces: The IoT happens everywhere, so ensuring a secure mobile strategy is imperative, including monitoring credentials and any accidental exposure.
How can Business address IoT security/vulnerabilities? 
The changes to the attack surface aren't beyond our abilities to address. Business can do a few simple things to increase their IoT security from the start:
• Change all default passwords. Simple cybersecurity best practices, like always resetting default passwords, will continue to be a vital first step in the age of the IoT. 
• Like changing the password, using an encrypted connection whenever one is available is generally a good cybersecurity rule of thumb that helps to mitigate the risk of attack on the many endpoints within the IoT.
• Create guidelines to quickly call out anomalous behavior of sensors. Sensors perform a very specific task or set of tasks, so detecting any suspicious behavior should be relatively simple if the technology and personnel monitoring the network understand which behaviors are authorized upfront.

How Is the IoT Changing the Future of Securing Businesses? 

In many ways, securing an IoT-enabled business requires much of the same, but the game has changed in that the sheer volume of endpoints, and thus the area to secure, is quickly multiplying. Businesses will need to move beyond traditional network and endpoint security, and be diligent in monitoring all network connections. 
Detection and response strategies will need to become more closely integrated with cybersecurity practices, and IT departments will be most effective by combining the power of technology and human oversight to keep a watchful eye over expanded attack surfaces.

This is particularly true for new and emerging threats, and an overreliance on technology will result in undue complacency, which is exactly what the cybercriminals want in prospective targets.

IoT Journal:

You Might Also Read: 

Internet of Things Brings Threats To Security:

The Internet of Things Will Be Even More Vulnerable to Cyber Attacks:

Data Breaches & The Internet of Things:

Guide To The Internet of Things:

 

« Information Security Forum Launches - Threat Intelligence Report
Facebook Deploys AI To Block Terror Propaganda »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

Halborn

Halborn

Elite blockchain cybersecurity. Award-winning ethical blockchain hackers to secure your stack end-to-end. Far beyond smart contracts.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

SteelGate

SteelGate

SteelGate’s core capabilities are centered around architecture design and engineering of network, systems, and cybersecurity solutions.