The Internet of Things (IoT), has become a hot topic in the technology field. The exponential sophistication and adoption of devices have experts comparing this to the third industrial revolution from steam and power to computers, referring to this wave of new device usage as Industry 4.0 or the fourth iteration of industry as we know it.
IoT is already bigger than you might expect - from doorbells, security cameras, weather stations, smart workout gear, baby monitors, and even coffee pots are streaming data and connected to the internet. As with any cutting-edge technology, IoT does have its kinks that still need to be worked out. The biggest being the security threat that adding IoT devices poses to your network.
To read more on what is IoT: click here.
The problem with IoT device security is that they are easily hacked, gateways to your entire network, and can't truly be protected by just a firewall.
In the first half of 2018, Kaspersky IoT honeypots detected 12 million attacks aimed at IoT devices coming from 69,000 IP addresses. By 2019 that increased to 105 million attacks from 276,000 IP addresses. Attempting to block all malicious IP addresses would be a huge and ineffective feat. Just recently, a Senior Researcher with Avast hacked into a WiFi-enabled coffee pot, devised a ransomware attack, and deployed it, causing the coffee pot to spew coffee and make noise until it was either unplugged or the ransom was paid.
The old castle-and-moat approach to cybersecurity - building an effective and strong firewall perimeter around your network, hasn't proven to be effective since smartphones and mobile devices have made working from home or on the go so easy. The more devices you connect, the higher the risk of a breach becomes.
Here at Sensible, we encourage the usage of IoT devices. They can be substantial productivity boosters, excellent solutions for your business needs, and can help your business scale. However, whenever introducing new devices to a client's network, we have to be cautious and mitigate the additional risk they pose to security. These are the steps we take to do so:
1. Evaluate the current security approach
As mentioned, only having a firewall isn't enough anymore. If we encounter a client that has not yet shed the castle-and-moat approach, we start by shifting their security to a more policy-based approach. Basically, this means we are adding extra security on the drawbridge over the moat. For every attempt to access the data, we put policies in place to prompt the user to verify they are who they are and that they should be accessing that information.
2. Be selective
With the addition of every IoT device, the security risks increase. We caution our clients against adding devices that they don't necessarily need. You shouldn't have to be accommodating for threats posed by your office coffee pot!
3. Research your options
As the need for IoT devices increases, the market is being flooded by tons of new products. Just like in purchasing a new computer, you should do your research to understand if the device is good quality, has the features you need, is compatible with your existing systems, and can be secured. Working with an IT partner like us, we can make informed recommendations on what you should be looking for, and even source the devices for you.
4. Configure the IoT devices adequately
Once you have settled on the device you would like to add, make sure you have technical support when configuring it. The majority of devices do not come out of the box set up to be secure. We can help add additional security or enact the devices existing security measures to ensure it doesn't become a liability.
Client Success Story: Recently, we helped a medical research company implement video cameras in their lab so they could adequately observe and record sample changes 24/7. We were able to help them evolve their security approach, determine the necessary devices required to achieve the solution they needed, source cameras that were compatible with their existing network, could add necessary additional security and featured the live streaming and recording options the lab required.
If you have a business need, we can help you find a sensible solution. We love to help businesses improve by crafting and offering informed technology solutions. Book a call with us anytime, and we'd be happy to lend you our expertise.