Would you choose to deploy an IoT device even if it could be hacked? Surprisingly, the answer is “yes,” according to business news outlet Forbes. Even though security threats are frequently reported, billions of devices are deployed annually, and the benefits of IoT still outweigh the risks. However, an exponential growth in device breaches would drastically alter the risk-reward ratios of business decisions.
Sadly, attacks are on the rise. In October 2019, Kaspersky reported that its honeypots detected 105 million attacks on IoT devices originating from 276,000 unique IP addresses from January to June 2019. The statistics showed that the number was seven times greater than during the same period in 2018. As IoT risks continue to grow faster than IoT deployments, the risk-reward ratio will greatly hamper IoT growth unless device security is bolstered industry-wide.
Imagine owning a smart farm. Take the latest smart farming equipment as an example, said Gerhard Zehethofer of TechRadar, an online trade publication. Smart farming technologies can fully integrate and connect all your farming tools and infrastructure, from your tractor to your maintenance management software and suppliers. What if a sudden interruption, such as a power outage, network disruption, or device malfunction, brought your entire IoT system offline?
This could happen at any given time, so it’s best to take into account unexpected downtimes when installing IoT systems. Where a connectivity interruption has implications from a safety and security standpoint, we must first consider “what kind of offline status we are talking about.” Connected devices that go offline should operate normally as if nothing happened, at least under regular operations. However, if there’s a breakdown of some sort, “the device has to come to a secure and safe state” if it won’t operate normally.
To illustrate, if your connected tractor goes offline mid-use, you would not want it to shut down completely, which is a safety concern. Ideally, your tractor should continue to operate autonomously even when not connected for a period of time. However, the system will enter into a safe state with manual operation if it also loses its GPS signal. The question here is: How long is too long for an IoT device to remain secure when there are connectivity issues? What will happen to the data when it can’t access its online storage?
The answers depend on how well various use cases “have been anticipated and factored in during the product development process.” The burden falls on the device manufacturer and the platform operator to consider such cases in order to develop a system that is capable of reducing harmful activity based on the device’s unique use cases and planning for contingencies.
For instance, if someone is attempting to connect to a smart home platform like Google Home Hub that has been offline for weeks, access rights will be granted depending on the user’s privileges as well as “how this scenario has been configured within the device.” For example, access after a period of time could be restricted to some individuals.
Ensure That the Device is Safe By Design
Reconsider getting an IoT device if the provider does not provide adequate information about the device’s security approach, as recommended by Vibhuthi Viswanathan of ITProPortal, a business and IT news portal. If your IoT devices are already installed, ensure that the manufacturer can provide timely patches and updates for the devices’ entire lifetime. The average lifespan of IoT devices is around 10 to 20 years, which gives developers enough time to provide you with updates and patches.
Use Digital Identity
Whether connectivity downtimes are planned or unplanned, safeguarding your device offline requires measures “that prevent it from booting up after manipulation while offline, as well as the inclusion of a set of policies to be programmed and enforced within the device.” The identities of the device and of the user or entity trying to access it are at the core of security. Without an appropriate digital system in place, you can’t be sure whether you’re granting access to the right person in the right circumstances. Therefore, it is best to have a scalable, IoT-ready Identity and Access Management (IAM) system that can identify who is accessing the network.
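A sketch of such on-device policies, covering both the tractor scenario and the offline access decision described earlier (added example, not code from any vendor or from the sources quoted here). The class names, roles and time limits are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"            # connected, full operation
    AUTONOMOUS = "autonomous"    # offline, inside the grace period
    SAFE_MANUAL = "safe_manual"  # safe state, manual operation only


@dataclass(frozen=True)
class OfflinePolicy:
    # Assumed values for illustration; real limits come from the use case.
    autonomy_grace_s: float = 15 * 60        # run unattended this long offline
    cached_rights_s: float = 24 * 3600       # honour cached privileges this long
    long_offline_roles: frozenset = frozenset({"owner"})


class OfflineGuard:
    """Evaluates the policy on the device, with no backend reachable."""

    def __init__(self, policy, users, clock=time.monotonic):
        self.policy = policy
        self.users = dict(users)   # user -> role, cached at the last sync
        self.clock = clock         # monotonic: setting the wall clock back
        self.last_sync = clock()   # cannot shorten the measured offline time

    def mark_synced(self):
        self.last_sync = self.clock()

    def offline_seconds(self):
        return self.clock() - self.last_sync

    def operating_mode(self, connected, gps_fix, fault=False):
        if fault:
            return Mode.SAFE_MANUAL          # breakdown: fail safe
        if connected:
            return Mode.NORMAL
        if not gps_fix:
            return Mode.SAFE_MANUAL          # offline and no position fix
        if self.offline_seconds() > self.policy.autonomy_grace_s:
            return Mode.SAFE_MANUAL          # offline for too long
        return Mode.AUTONOMOUS

    def allow_access(self, user):
        role = self.users.get(user)
        if role is None:
            return False                     # not in the cache: deny by default
        if self.offline_seconds() <= self.policy.cached_rights_s:
            return True
        return role in self.policy.long_offline_roles
```

A monotonic counter restarts on reboot, so a real device would also need to persist the last-sync marker in tamper-resistant storage.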
Protect Your Data
It is recommended to change the passwords on your accounts and your IoT devices twice a year. Make sure that each device has a unique password. You can use a password manager or resort to the old-school pen and paper method to remember your passwords.
In addition, your WiFi router can create multiple networks, enabling you to set up restricted access for your guests and family. You should also consider creating a separate network for your IoT devices, which helps curb unauthorized access to your data when you are connected through your smart devices.
Don’t assume that your IoT systems and devices will be equipped to handle security threats and downtimes. While IoT makes our lives more convenient, it is best to have contingency plans and security measures to protect your devices and data from threats. At the end of the day, prevention is better than a cure.