What the Internet of Things Means for Cybersecurity
Casinos experience cyber attacks from nearly every angle imaginable — but one case might surprise you: Hackers recently gained access to a casino's network through an Internet-connected thermometer in a 'smart' aquarium. The rise of Internet of Things, or IoT, will make these kinds of attacks more frequent and dangerous. It’s critical for businesses to understand these risks and take steps to protect themselves from attack.
The number of IoT devices is projected to exceed 50 billion by 2022, according to Juniper Research, ranging from connected cars to connected assembly line machines. While it’s tempting to simply avoid these devices, Harley Davidson recently added IoT sensors and devices to its manufacturing plant to save seven percent on costs and increase net margins by 19 percent due to greater efficiency. Businesses can’t afford to avoid IoT devices.
Let's take a closer look at the IoT revolution and what it means for small business cybersecurity.
The number of IoT devices is projected to exceed 50 billion by 2022 – are your assets secure?
What is the Internet of Things?
The Internet of Things is a network of computing devices with unique identifiers that can transfer data without requiring interactions with humans. For example, Internet-connected thermostats can automatically adjust internal temperatures based on outdoor temperature and humidity or an Amazon Echo can translate ambient sounds into commands. IoT devices can be as large as a robotic arm in a factory or as small as a sensor in a piece of mail.
While these devices provide a lot of utility, security teams have struggled to keep up with their rate of proliferation. Many of these always-on devices are manufactured with little oversight or regulatory control. Even worse, they are introduced into corporate environments without a second thought by individuals with little security training or expertise. They create a lot more surface area for a cyber attack with fewer built-in protections.
New technologies are also making it easier than ever for hackers to compromise these devices. For example, BlueBorne attacks scan for devices that have Bluetooth on and probes them for information, such as device type and operating system, to see if they have any vulnerabilities. Hackers can quickly take over devices and steal sensitive data contained within them. These kinds of attacks require very little expertise and are easily accessible to criminals.
Businesses must weigh the costs of cybersecurity defense with the benefits of convenience for their business. These low-cost devices can ease communication, improve productivity and convey many other benefits. The trade-off between cost and convenience can be difficult to quantify for many businesses, especially as new IoT technologies are simplifying lives and having a direct impact on businesses’ bottom line.
How to Protect Your Assets
The best way to protect your IoT assets is to reframe the relationship with technology. Evan though you may try to teach employees to be cybersecurity conscious, it's best to assume that they will take no precautions on their own. After all, many IoT devices don't require human intervention at all. Problems are usually issues with installation and maintenance rather than in-the-moment user interaction issues.
Download our free Checklist of Internet of Things Security Protocols to help ensure that all of your assets are protected.
There are several steps to protect IoT devices:
Update the firmware - Firmware updates can help keep IoT devices secure by closing new vulnerabilities. Create a list of all IoT devices and schedule a recurring task to go through and check each of them for firmware updates.
Add firewall protection - Firewalls should be placed between IoT devices and the outside world. By default, firewalls should only permit whitelisted traffic and automatic alerts should be fired when suspicious events occur.
Separate networks - Consider separate networks for IoT devices to avoid attacks that jump to different devices. For example, these devices could use an external-facing internet versus an internal intranet.
New cybersecurity solutions also add a layer of intelligence to the mix. For instance, intelligent products learn what secure and insecure activity looks like through machine learning and artificial intelligence. The software can also act upon these findings to shut down attacks as soon as they occur, as well as prevent attacks from impacting other devices. They may also automatically apply patches and other updates to eliminate the need for manual updates.
Jungle Disk provides cybersecurity solutions designed specifically for small businesses with less than 250 employees. With a simple per month, per employee pricing model, you can access always up-to-date cybersecurity solutions designed to protect conventional and IoT devices from a wide range of common attacks and attack vectors. We also provide a free network scan that you can use to instantly identify potential vulnerabilities in your network.Don’t forget to download our free Checklist of Internet of Things Security Protocols to help ensure that all of your assets are protected.
Broader Security Implications
IoT devices are commonly used as an entry point for other forms of attack on a network. For instance, the 'smart' aquarium hack mentioned earlier in this article served as an entry point for a much larger attack that compromised the data from high-stakes customers. The surface area of risk exposure is much larger in organizations that make extensive use of IoT devices and technologies, which makes these expanded attacks easier.
There are several other types of attacks that use IoT devices as well:
- Botnets may use compromised IoT devices to power distributed denial of service (DDoS) attacks on other organizations. You may not even realize that these devices are sending malicious data without the proper network screening in place.
- Ransomware may hold IoT devices hostage and demand a ransom payment. These kinds of attacks are already becoming increasingly popular for conventional software, as evidenced by several severe municipal security breaches.
- Thieves may use IoT devices to covertly access sensitive data or use them as an access point to network devices. For example, a compromised Amazon Echo could result in board room meetings being compromised.
Small businesses aren't immune to these kinds of attacks, and unlike larger businesses, they may not be able to handle the high costs of an attack.
The Bottom Line
The Internet of Things will only become a bigger part of corporate networks around the world. With so many new devices connected to a network, it's challenging to ensure that they're all secure and up-to-date. Small businesses should carefully assess these risks and ensure they're taking the right precautions in order to avoid becoming a statistic.
Sign up for Jungle Disk's cybersecurity suite that's designed for small businesses with up to 250 employees.