IoT Will Change (Almost) Everything In Cybersecurity

The Internet of Things is growing fast, with an estimated 8.4 billion devices expected to be connected this year. 

As a result of that rapid expansion, the IoT is reshaping the way in which we think about corporate cyber-security by increasing the attack surface, potentially adding billions of network points of entry for cyber-criminals, each one an additional target to be compromised. 

Gartner put security at the top of its list of the top 10 IoT technologies for 2017 and 2018, and recent research validates the high priority of cybersecurity and connected things among businesses. One recent survey at Black Hat USA 2016 revealed 70 percent of IT experts who responded indicated that their organisation wasn't prepared for IoT-related threats.

While these statistics are real, there also exists a great deal of hype in the market, painting a grave portrait of the IoT and its unique requirements as the grim reaper for businesses. IoT security is a real concern, with open-source cyber-threats like Mirai already showing its potential, but businesses shouldn't believe every scary tale they hear. An attack on any one endpoint doesn't necessarily have to mean all systems are compromised or crippled.

Organisations looking to build or adopt connected devices should educate themselves on how additional endpoints change their threat-scape, and should seek to address a few key questions:

What New Vulnerabilities Is the IoT Creating for the Network? 

New vulnerabilities are created not just by the expansion of entry points, but by the nature of those entry points. Some of the more common vulnerabilities and concerns that businesses need to prepare for include:

• Insecure Web interfaces: "Internet" is in the name, so step one of IoT security is to make certain the connections themselves are secure. 
• Insecure endpoints: Each endpoint is open to an attack, so any that aren't equipped with antivirus software could be infected with malware, opening up the gates to the rest of the network. Businesses will need to keep a watchful eye on how endpoints are behaving and interacting with the rest of the network. 
• Mobile interfaces: The IoT happens everywhere, so ensuring a secure mobile strategy is imperative, including monitoring credentials and any accidental exposure.
How can Business address IoT security/vulnerabilities? 
The changes to the attack surface aren't beyond our abilities to address. Business can do a few simple things to increase their IoT security from the start:
• Change all default passwords. Simple cybersecurity best practices, like always resetting default passwords, will continue to be a vital first step in the age of the IoT. 
• Like changing the password, using an encrypted connection whenever one is available is generally a good cybersecurity rule of thumb that helps to mitigate the risk of attack on the many endpoints within the IoT.
• Create guidelines to quickly call out anomalous behavior of sensors. Sensors perform a very specific task or set of tasks, so detecting any suspicious behavior should be relatively simple if the technology and personnel monitoring the network understand which behaviors are authorized upfront.

How Is the IoT Changing the Future of Securing Businesses? 

In many ways, securing an IoT-enabled business requires much of the same, but the game has changed in that the sheer volume of endpoints, and thus the area to secure, is quickly multiplying. Businesses will need to move beyond traditional network and endpoint security, and be diligent in monitoring all network connections. 
Detection and response strategies will need to become more closely integrated with cybersecurity practices, and IT departments will be most effective by combining the power of technology and human oversight to keep a watchful eye over expanded attack surfaces.

This is particularly true for new and emerging threats, and an overreliance on technology will result in undue complacency, which is exactly what the cybercriminals want in prospective targets.

IoT Journal:

You Might Also Read: 

Internet of Things Brings Threats To Security:

The Internet of Things Will Be Even More Vulnerable to Cyber Attacks:

Data Breaches & The Internet of Things:

Guide To The Internet of Things:

 

« Information Security Forum Launches - Threat Intelligence Report
Facebook Deploys AI To Block Terror Propaganda »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Juniper Networks

Juniper Networks

Juniper Networks is the industry leader in network innovation. We provide network infrastructure and network security solutions.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

Industrial Networking Solutions (INS)

Industrial Networking Solutions (INS)

INS Services specializes in designing, deploying and providing on-going support for critical OT (Operational Technology) and IIoT (Industrial Internet of Things) networks.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.