Protecting Your IoT Devices and Wired or Wireless Networks
The internet has transformed the way people communicate. It also brought with it never-before-seen privacy issues. Now, the Internet of Things – known as IoT – is transforming how devices communicate. Using your wired or wireless network, these devices can all share information, helping to create smarter, more efficient systems.
And the adoption of connected IoT devices is increasing rapidly – with an expected growth rate of 31% in 2017, to 8.4 billion devices. That’s more devices than people in the world.
But like the first internet we’ve come to know, this internet of devices is introducing new privacy and data concerns. When used or managed incorrectly, connected devices can be an attractive target for cybercriminals. While this shouldn’t stop you from taking advantage of IoT, it’s important to understand why these devices are prime targets, and what you can do to protect your network and data.
Why is IoT a Target for Cybercriminals?
IoT allows a wide range of devices to communicate and interact with the external environment. Everything from laptops and smartphones to medical equipment, cars and manufacturing sensors can share data over your network.
This connectivity is extremely beneficial to companies and professionals. But the vastness of IoT can make it difficult to manage these devices. For instance, how do you know:
- Which devices are connected to what IP addresses?
- What version of software a device is running?
- If known vulnerabilities in a device have been patched?
- What a device’s credentials are?
If you don’t know, all of these factors open up possibilities for hackers.
The Spectrum of Compromised IoT Devices
While the scope of the IoT seemingly grows every second, the following categories are some of the most prominent connected devices used today:
Industrial machines are often connected to a wired or wireless network. And when they are, hackers could access these devices to shut them down, alter their programs or tamper with their controls. As long as these machines are connected to networks or computers, malicious individuals or codes can “leap” from one location on your network and cause significant damage.
Smartwatches, digital heart rate monitors and other similar devices are incredibly popular because of the health information they can collect. But like any device that stores data, wearables are prone to hacking. And hackers can penetrate the motion sensors embedded in smartwatches or smartwatch apps for nefarious purposes such as stealing health data, determining what information has been typed, or using app permissions as an opening into other data or hardware.
CT scanners, MRI machines and even embedded devices such as pacemakers are all vulnerable to attacks. Health care professionals created and implemented many of these critical devices with a focus on how they’d help patients. But few IT professionals in the healthcare space know how or where to look for breaches. In fact, a security researcher found that a popular drug infusion pump was susceptible to a hacker remotely changing the dosage administered to a patient.
Cameras, DVRs and Beyond
Leveraging compromised assets such as the Mirai botnet, it’s possible for hackers to tap into cameras, DVR players and other similar devices to carry out malicious attacks. In fact, Twitter, Netflix, CNN and many other websites were brought down when a DNS infrastructure company was hit by a Mirai botnet DDoS attack.
Is the Internet of Things Becoming More Secure?
Until recently, many of the aforementioned threats have flown under the radar. But the reported attacks and discovered vulnerabilities have even raised the concern of the United States Government.
The first step is unquestionably recognizing these problems. But now that we’ve collectively reached that place, there is much to be done to bring safety to IoT. All kinds of organizations – from security companies to manufacturers and even nonprofits are stepping up to help protect sensitive data.
Device manufacturers have specifically been pressured to take security measures when creating their products, including:
- Securing the gateways that connect IoT devices to company and manufacturer networks
- Installing security updates on IoT devices
- Protecting the massive repositories where IoT data is stored
What You Can Do to Keep Your Information Safe
As much as device manufacturers can accomplish in an effort to create a safer IoT environment, you also bear a great burden in protecting your data.
Implementing a data security solution suited for your needs will help you rest easy knowing that you’re protected. And when you know exactly what devices are hooked up to your network, you can take action to ensure they are not compromising network security. Beyond tailor-made solutions, below are some measures you should adopt immediately.
Employ Password Best Practices
One of the ways Mirai malware tries to add devices to the Mirai botnet is by trying preset factory default credentials on discovered devices. You must change these default credentials on your IoT devices and use different and unique passwords from device to device. Reusing a password on a different account – even with a different email address – could potentially allow a hacker to breach multiple accounts.
Encrypt Your Data
Encrypting data on your network when it’s at rest and in transit will help keep it secure, even if your network is breached. In-transit encryption will scramble your data during a file transfer – ensuring only the sender and intended recipient can access it. And at-rest encryption will protect your data while it is stored on your network.
Implement Network Access Control (NAC)
Network Access Control systems use policies to control access to your network. Advanced systems can even use contextual information to create policies which keep access to wired or wireless networks secure. These policies allow all of your devices to connect to your network without compromising its integrity. This solution collects real-time data to give you the flexibility, control and visibility you need to keep your information safe. You want to prevent unauthorized access to your network from inside and out.
While IoT will continue its growth spurt and introduce new and unique challenges, you can bolster your company’s cybersecurity and protect your network. Learn how Network-as-a-Service (NaaS) can tackle the network security challenge and others in our eBook: