The Internet of Things (IoT) has reached consumers in many ways. There are “smart” thermostats, refrigerators, lights, and home security systems that leverage the connection of the internet.
For businesses, the IoT has also entered their networks in several ways. In factories, sensors and IoT devices monitor manufacturing efficiency and predict equipment failure. In data centers, sensors are used to maintain steady temperatures. In retail, IoT beacons can be used to track merchandise in transit. And in the office, IoT devices can be used for energy efficiency by managing lighting, heating, and cooling, among other things.
IoT and the Cloud
Due to differences in the ways IoT devices are used and the many industries they are used in, it’s become clear that having a different platform for each IoT device is untenable. Several IoT vendors are partnering with cloud vendors to make their products more accessible.
Google has Nest, which sells IoT products for home use, as well as offers an IoT platform. Amazon offers the Blink home security powered by IoT cameras and Amazon Web Services also offers an IoT platform, as does Azure. These IoT platforms can be used to connect, control and monitor billions of IoT assets and devices.
IoT Device Security Issues
In order to work, IoT devices must be connected to the internet, which means they have access to the company WiFi. However, while most of these devices were built for connection — they need it to operate — they weren’t designed with security in mind.
As we discussed in our post on vendor monitoring solutions, it’s important to know who and what has access to your network at any given time. When you invite IoT devices into your network, you need to know what they have access to and whether they’re secure from hackers.
Insecure Devices
Many IoT devices come with default passwords and are missing basic cybersecurity protections. And, many IoT device manufacturers aren’t proactively sending software patches for their existing devices, so if a vulnerability has been discovered, there may be no recourse to prevent an attack.
Distributed Denial-of-Service Attacks
In recent years, there has been an uptick in distributed denial-of-service (DDoS) attacks on IoT devices. These attacks exploit vulnerabilities in the IoT devices to use them to send enough traffic to a website to overload the servers powering it. There is no indication that these types of attacks will subside as more IoT devices hit the market. If your IoT device isn’t secure, it could be used in this type of attack that could impact your servers or website, or someone else’s.
Machine Phishing
Hackers that are able to gain access to IoT devices and networks can use the devices to send false signals. This could be saying everything is okay when it’s not or sending an alert that a piece of manufacturing equipment is failing when it’s perfectly fine. These false signals could be used to disguise the actions of the hackers, allow someone to break into an office building or data center, or could even cause factory floor managers to perform an action on a machine that could cause damage.
An Evolving Risk
As IoT devices become more common and are used more frequently in corporate, data center and manufacturing environments, security for these devices will get better. In the meantime, follow security best practices when installing these devices and use the tools available to monitor and protect your network.
