IoT is top of mind for many business leaders today. While executives continually hear about the proliferation of IoT-enabled devices, what’s really driving their interest is how these technologies can be applied and the benefits they can deliver for their businesses. In virtually every industry, IoT can have an impact.
In manufacturing, IoT can be used to predict machine failures in order to improve maintenance schedules and reduce or eliminate unscheduled downtime.
In transportation, IoT can be used to track vehicles and optimize routing, which improves on-time performance and safety while simultaneously reducing cost.
In medicine, IoT has the potential to provide better monitoring, which can be used to promote wellness in addition to enhancing outcomes for those who are ill.
These are just a few examples of IoT’s potential. While executives may understand the opportunity, they’re also concerned about the pitfalls involved with implementing an IoT strategy, mainly security.
According to a recent Forbes Insights survey of more than 500 executives, 70% are confident in their ability to maintain the security of IoT, but over half also say they’re placing a higher security standard on their programs. While it seems companies are confident in their ability to protect their assets, executives also perceive the risk, and in some cases, that’s affecting the speed with which they execute. In fact, 39% of executives surveyed say IoT programs at their companies have been delayed due to security concerns.
Six Recommendations For IoT Security
One of the challenges with IoT is managing a complex group of disparate hardware, software and network platforms. With this structure, and the number of potential devices and entry points into your network, IoT requires an end-to-end approach to security. Here are six steps you can take to better ensure the security of your IoT initiatives:
Secure IoT networks: Just like other IT systems, networks used for IoT should employ all the normal security measures, including antivirus, malware protection, firewalls and intrusion prevention.
Focus on authentication: IoT devices must be able to communicate with other devices, but it’s crucial that they also authenticate. Things can get a bit more complex given the various types of devices, including single-user, multiple-user and machine-to-machine scenarios, so it’s recommended that companies use a trusted platform for authentication. These can include digital certificates, two-factor authentication and even biometrics. Newer options like Trusted Platform Module (TPM) are also being used to robustly manage the authentication process.
Monitor the health of IoT devices: Individual IoT devices are a point of vulnerability. If they are compromised, the system should not allow them access. A standard like Trusted Network Connect (TNC) can be used along with other tools to confirm the health of software and firmware at boot, during operation and during sensitive upgrade cycles. If an IoT device is infected, it must be returned to a healthy state before it can be allowed to gain access to a network. This can be done using files saved in protected storage on the device, over a network, or with runtime verification.
Encrypt wherever possible: Whether it is in transit or at rest, protecting data is critical and encryption is key to protecting data security. Devices that can’t prove their health should be denied access to encryption keys and other sensitive data. It's also important to maintain encryption key management processes over the entire life cycle of each device.
Secure your APIs: Application Programming Interfaces (APIs) authorize and enable the movement of data between edge devices, applications and back-end systems. Securing APIs is necessary, and only authorized devices and apps should be accessing them. Tools should also be in place to detect potential threats and attacks on these key points of connection.
Analyze IoT security data: Collecting, integrating and analyzing data from different devices, applications, legacy systems and other elements of an IoT system for vulnerabilities and abnormalities is critical to the overall health of an IoT system. This area of IoT security is starting to see significant benefits from machine learning and artificial intelligence, which provide predictive analytics and detect anomalies in ways that aren’t possible with traditional network security tools.
Beyond security related to technology, companies should also ensure that their people, processes and procedures are secure and enforced. Social engineering can be just as effective a method for hacking as a more technology-based approach. While technology is the lynchpin of IoT security, it is important to be vigilant on all fronts. Even with the best technology solutions in place, social engineering tactics are surprisingly effective at exploiting other types of vulnerabilities.
Security with IoT is not something that can be ignored or overlooked; the consequences of a breach are just too severe. Consider the Mirai botnet attack in 2016 that took down a long list of websites, including Shopify, Netflix and Twitter, by targeting vulnerabilities with outdated firmware in IoT devices. To avoid a similar attack, companies must keep security top of mind. With proper planning and diligence, businesses can minimize risk while also gaining a significant advantage over their competitors.