The Internet of Things Presents Unaddressed Cybersecurity Vulnerabilities

By Adam C. Uzialko, B2B Staff Writer – Business News Daily

The Internet of Things is a powerful tool that grants organizations access into granular data, which helps to improve productivity, efficiency and informed decision making. However, implementing an IoT system, in which dozens or even hundreds of new connected devices gain access to your network, carries with it increased security risks. After all, more potential points of entry increase the attack vector for would be hackers.

So, how can your business reap the benefits of the IoT without befalling serious harm? With so many threats out there – from ransomware to malware and beyond – security is imperative. Business News Daily spoke to several experts about the problems facing IoT cybersecurity today and how best to move forward.

Rather than a monolithic system, IoT is a fabric of disparate devices connecting with one another to work together, as the name suggests. Historically, organizations have implemented IoT in a bid to reap the enormous benefits the technology promises; however, there was often little regard for security, and as the network of connected things proliferated, so too did the security risks.

“For a long time … the IoT push was just to connect the unconnected,” said Matt Morris, ‎VP of strategy, products and marketing for NexDefense. “So, people started to incorporate more and more of these systems, bringing in manufacturing plants, oil rigs, utility substations and so on. In their push to get things connected, they failed to solve the issue of security.”

Today, most companies understand that secured connectivity is the true value of IoT and are working to protect themselves, especially in the wake of high profile attacks like Shamoon, which impacted Saudi Aramco and sent shockwaves through the oil and gas industry, or the more recent Wannacry ransomware attack that impacted companies all over the world. In some ways, though, Morris said, security efforts that emanate from boards of directors are misguided.

Many companies are trying to apply IT security solutions in operational environments, such as the manufacturing industry or for oil and gas production. The trouble with this, according to Morris, is that the two are very different animals – companies then think they’re protected when their security still has holes in it.

Utilizing typical IT solutions in an operational or industrial environment, such as a manufacturing plant, can have dire consequences. Scanning systems, for example, can cause essential features to shut down, like safety features that protect humans working alongside robots on a production line. At worst, serious harm could befall employees. But even if this worst-case scenario doesn’t come true, you’re still looking at a slowdown in production, Morris said.

“The type of security needed to protect manufacturing lines, oil rigs, etc.is newer tech,” he added. “There … is technology out there that is purpose built for these environments. If … companies are aware and invest and implement, they can actually strengthen the IT security they are using today that they think is protecting them but really is not.”

Many security vulnerabilities can be mitigated by establishing a policy based on best practices and disseminating these policies to employees. Protecting credentials and restricting access to the network are major ways a company can protect itself from outside threats.

“The greatest challenge I see among all our clients is a lack of standards and governance in the way they will support and provide access and control measures to all these devices,” said Mike Sanchez, CISO of UDT. “There’s not a clear strategy in terms of who has access, which group and why. Generally, what I see is they do these blanket rules and policies allowing most devices to connect merely just by basic configuration settings to access things like emails and share files or folders on the company network.”

Sanchez said establishing directives regarding “bring your own device” (BYOD) policies, network access, and how employees interact with others through channels like email can help insulate the organization from would-be attackers. It’s also wise to prioritize the assets that you truly depend on, rather than taking a one-size fits all approach.

“Over and over again, I see people trying to protect things that don’t have a big impact to organization,” Sanchez said. “It all comes down to governance, frameworks and standards. Doing these basic things, whether it’s an IoT device, legacy systems or remote PC, the fundamentals still remain. There isn’t a magic bullet that’s going to address this challenge from a tech standpoint.”

Some of the security challenges of IoT are out of the organization’s hands. Manufacturers can build-in better security protections to their products on the device level. Many have moved to improve their products already, and security will continue to become a bigger sticking point as IoT continues to proliferate.

“Manufacturers and vendors of these devices need to do their part as well in the chip sense, and how they build these devices,” Sanchez said. “Attackers use basic methods in attack vectors and manufacturers need to account for any type of attack.”

Often, a major motivation is creating a seamless, intuitive user interface, but this can also compromise security if overdone, Sanchez said. Tightening things up without sacrificing an acceptable amount of user friendliness will be the challenge software developers and device manufacturers face in the future.

“There’s always a balance we strike between user interface accessibility and security,” Sanchez said. “We’re always struggling against those two points and how to provide or mitigate the risk at the best possible UI experience.”

The IoT security issue isn’t going to be solved overnight. It’s going to take years of learning new behaviors, implementing new defenses, and upgrading technology to combat the threats. And even then, new attacks will develop and new defenses will rise to meet them.

“It’s a challenge that will be around for a while, I think, given the magnitude of the different areas you have to deal with and address, Sanchez said. “Companies are really struggling in the way that they define the strategy for their own infrastructure and legacy systems.”

But security challenges shouldn’t scare organizations away from IoT, Morris said. The benefits the technology offers are very real, and if the hurdles surrounding security could be overcome there’s no telling what these connected environments can help us achieve.

“If … that awareness doesn’t get out there and get [security] implemented the way it needs to, I don’t think we’ll ever see IoT reach its full fruition that everyone really wants it to,” Morris said. “But if that can be solved, then I think sky’s the limit in terms of what can be achieved.”

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

Lost & Stolen Devices are a Serious Data Security Threat—Here’s Why

Since the pandemic, remote and hybrid work has become the norm. While mobile devices and remote workstations have empowered great flexibility, it has also led to an increase in data security problems due to lost, misplaced, or stolen devices. Find out how remote and hybrid setups are contributing to this problem and how to protect yourself and your organization.​

Smishing Attacks are on the Rise—Here’s How To Keep Your Data Safe

Smishing attacks are on the rise, posing a significant threat to data security. Originating from a blend of SMS and Phishing, these attacks have seen a drastic increase since 2020. The widespread use of smishing attacks has persisted, with a lack of awareness being a major issue. Many view these as simple spam messages, unaware of the danger they pose. This blog aims to raise awareness about smishing and provide actionable insights to protect yourself and your organization.

5 Strategic Ways to Master Your IT Budget

Enhance finance IT efficiency with UDT and Cisco. Master IT budget planning, security, and innovation in the competitive industry.

IT Compliance Training for the Finance Industry (Get Your Resource Kit Now)

Download UDT’s IT Compliance Kit for financial services – empowering IT leaders to educate staff on compliance, data protection, and security.

Trend Alert! An Insider’s Look at the Latest IT Solutions for the Finance Industry

Explore the latest IT trends in finance and how UDT’s cutting-edge cybersecurity and managed IT services redefine security for the digital age.

Streamlining IT Operations in the Finance Industry—Top 10 Strategies for IT Leaders

Unleash the power of UDT and Cisco solutions with top 10 strategies to streamline IT operations for finance—enhancing security, compliance, and efficiency.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,