SBN

IoT Security or the Lack There Of

The Internet of Things (IoT) is poised to become the biggest technological breakthrough of this decade. Many households will soon own a smart car, smart refrigerator, and smart thermostat. In the business world IoT is also here and is steadily gaining additional profile and credibility. With that comes a vastly complex IoT ecosystem. 51% of surveyed IT and business decision makers report that their organization uses IoT devices that have been created by a third-party.

So far, the reality has not been far from the hype. Two years ago, a smart refrigerator was hacked and began sending pornographic spam while making ice cubes. Baby monitors have been used to eavesdrop on and even speak to sleeping (or likely not sleeping) children. In October 2016, thousands of security cameras were hacked to create the largest-ever Distributed Denial of Service (DDoS) attack against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, Netflix, and CNN. And in March 2017, Wikileaks disclosed that the CIA has tools for hacking IoT devices, such as Samsung SmartTVs, to remotely record conversations in hotel or conference rooms.

Security is a huge challenge in the IoT world. Basic security hygiene that would be considered table steaks in the enterprise are very often overlooked in IoT. Many current devices, for example, lack a password-protected lock screen to halt unauthorized access. Some objects don’t even have screens and have to realistic way to access them directly. Many obvious security protections are missing. Strong authentication to devices and networks to make sure only authorized individuals can get data, as well as encryption of data at rest and in transit is not available in many IoT devices. One of the biggest risks though is that many existing devices have not been built with firmware capable of being updated to meet evolving threats.

Security needs to be built in as the foundation of IoT systems, with rigorous validity checks, authentication, data verification, and all the data needs to be encrypted. At the application level, software development organizations need to be better at writing code that is stable, resilient and trustworthy, with better code development standards, training, threat analysis and testing. As systems interact with each other, it’s essential to have an agreed interoperability standard, which safe and valid. Without a solid bottom-top structure we will create more threats with every device added to the IoT. What we need is a secure, safe, and private IoT ecosystem.  While this may not be easy to achieve, it is necessary to ensure the success of IoT in both the home and business.

Author Bio: Joe Goldberg is the Senior Cloud Program manager at CCSI. Over the past 15+ years, Joe has helped companies to design, build out, and optimize their network and data center infrastructure. As a result of his efforts, major gains in ROI have been realized through virtualization, WAN implementation, core network redesigns, and the adoption of cloud services. Joe is also ITIL certified.

The post IoT Security or the Lack There Of appeared first on CCSI.


*** This is a Security Bloggers Network syndicated blog from CCSI authored by Joe Goldberg. Read the original post at: https://www.ccsinet.com/blog/iot-security-lack-of/