PodChats for FutureIoT: Securing the Internet of Things

liu, tempo Date: 2021-07-07 11:36:40 From:futureiot
Views:52 Reply:0

Internet of Things are devices that connect to the Internet. Some are sensors that collect telemetry data about their surroundings and relay it to a collecting device via a wired or wireless connection to the internet. Others not only monitor but also control the activity of the device they are attached to like an air conditioner or lights. Still, others provide information like the navigation system in a vehicle or a power reactor.

Gartner says organizations implementing IoT are increasingly focusing on the business outcomes of the technology. IoT initiatives are no longer driven by the sole purpose of internal operational improvement.

The bad news is that this expanding universe of applications of IoT in industrial, government, consumer and commercial is drawing the interest of cybercriminals recognising a burgeoning opportunity.

IoT security

From the Mirai Botnet (aka Dyn Attack) of October 2016 to the discovery of hackable cardiac devices at St. Jude Medicals in 2019 to the hacking of a Bluetooth speaker that allowed the criminals to eavesdrop on a CFO’s private conversation, the threat is real, and it is now.

The why of IoT security

Beng Hai Sim, head of Technical Sales at ESET, Asia Pacific, defines IoT security as the act of securing the IoT device and the network it is connected to.

“The interconnection of IoT poses a significant challenge for organisations due to the serious security risks posed by unmonitored and unsecured devices connected to the network. The need to think about security on a daily basis has never been greater, especially given that the number of internet-connected devices is expected to grow at an exponential rate,” he added.

Bots: the who/what of IoT security

Sim said IoT botnets are a type of malware that commonly targets IoT devices. He explained that IoT devices that have been compromised by bots are frequently used as communication channels to other compromised devices in the network known as botnets. Unpatched vulnerabilities may also exist in routers to which the IoT devices are connected.

Citing ESET telemetry, Sim revealed that ESET scanned nearly 200,000 routers during the first four months of 2021 and discovered that over 2,200 of them had at least one known vulnerability. The most common type of router attack is distributed denial of service (DDoS).

DDoS attacks affect 70% of organisations polled on a monthly basis.

IoT security starts here

Echoing a security industry theme, Sim says cybersecurity is a shared responsibility.

From an IoT security perspective, he says the CISO has the responsibility to educate employees on cybersecurity awareness training.

Beyond regular training and continuous awareness, he suggests that when purchasing IoT devices, organisations should first select a well-known, dependable IoT device provider who is likely to be around in the long term. This ensures that the manufacturers will be able to provide patches and fixes to the IoT devices in the future in a timely manner.

“It is crucial that the IoT devices that they have selected are secure by design, with security being a key goal at all stages of product development and deployment,” he added.

The reality of IoT security

Sim acknowledges that not everything can be secured immediately!

“Given that there are so many IoT devices out there, it is unrealistic to consider the security design of every single IoT device, but businesses can look at cybersecurity infrastructure and techniques to reduce risk,” he opined.

He recommended adopting the Zero Trust security model requiring all users, both inside and outside of an organisation’s network, to be authenticated, authorised and continuously validated for security, configuration and posture before being granted or maintaining access to application and data.

He also suggested network segmentation as a useful approach to isolating IoT devices from other network systems.

“A simple analogy I’d use is the current pandemic situation, where we enforce social distancing to minimise the spread of the Coronavirus,” he continued.

According to Gartner, utilities will be one of the highest users of IoT endpoints, totalling 1.37 billion endpoints in 2020.

An expanding universe of applications

“Electricity smart metering, both residential and commercial will boost the adoption of IoT among utilities,” said Peter Middleton, senior research director at Gartner. “Physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second-largest user of IoT endpoints in 2020.”

Building automation, driven by connected lighting devices, will be the segment with the largest growth rate in 2020 (42%), followed by automotive and healthcare, which are forecast to grow 31% and 29% in 2020, respectively.

In healthcare, chronic condition monitoring will drive the most IoT endpoints, while in automotive, cars with embedded IoT connectivity will be supplemented by a range of add-on devices to accomplish specific tasks, such as fleet management.

Leave a comment

You must Register or Login to post a comment.