Connecting every device in your business to the internet – what could possibly go wrong? Here’s why the IoT is set to make cyber-security a boardroom issue.
Despite the excited buzz surrounding the Internet of Things, the idea of connecting every device in your business to the internet comes with an almost unlimited potential for risk.
Possible security risks posed by the Internet of Things, such as hackers watching you through smart-TV webcams in your boardroom, or online criminals hacking your router and taking control of everything connected to it, have already been raised.
Add bring your own device (BYOD) to the mix and the risk becomes even greater – especially if employees have the ability to control certain aspects of the office environment from their mobile devices.
In fact, the security risks associated with the IoT are so great that Symantec has dubbed it the “Internet of Vulnerabilities”. Even Cisco goes as far as to say, “The IoT cannot be successful in any organisation without integrated security for both the physical and network infrastructure.”
Why are hackers targeting the IoT?
As computer makers and software developers fix holes on larger devices like PCs, hackers are turning to peripheral devices to worm their way into homes and offices.
Hacking a smart building not only allows hackers to virtually break into the building, it also allows them to monitor how the building works, view layouts of the property and control what you would think of as ‘unhackable’ features, such as alarms, fire extinguishers and lifts.
From an infrastructure point of view, smart building automation systems are usually built on the same network as corporate and administrative systems, providing an easy way in for hackers looking to compromise a business network.
Even large corporations are ignoring the call to secure their buildings properly. Last year, Google Australia’s building management platform was hacked by security researchers, allowing them to control the alarm system, plumbing and heating, and access blueprints of the building.
Although the researchers didn’t change anything on the network, the incident exposed the risk involved with having one system or network that can control everything in the business.
Although much of the onus is on the manufacturers of IoT devices to better secure their technology, there are a number of measures IT departments can take to ensure their systems can’t be hacked as readily.
“The data transferred between these internet-enabled machines needs to be encrypted and authenticated,” says ForgeRock chief executive officer Mike Ellis. “To ensure that the request to access a machine is valid, a number of factors must be checked. Data such as location, time and device must be verified to ensure that requests are warranted.”
As with any new IT system or device, you should follow a set process when implementing automated systems:
1. If remote access is an option for any smart device, ensure you disable it in the settings unless it’s absolutely necessary for you or your employees to gain access when out of the building.
2. Change each default password to a random string so it can’t be guessed, and ensure every device on the network has a different password.
3. Update firmware as soon as it becomes available for any device. It’s likely any new update will fix security flaws that have been identified.
4. Educate your employees about the increased risks involved with connecting smart devices to the network and ensure your policy is widely available for them to refer to.
5. If you’re already aware of smart devices being used throughout the business, perform an audit of the devices in operation. Any device that is connected to your business network needs to be secured using the same high-level encryption you use to secure other terminals on the network.
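As an added illustration (not part of the original article), the technical steps of this checklist (1, 2, 3 and 5) can be run as a repeatable audit over a device inventory. The inventory, its field names and the default-password list are constructed assumptions.

```python
import secrets
import string
from collections import Counter

# Constructed inventory; field names are assumptions, not a real product's schema.
# In practice, pull credentials from your password vault rather than a flat file.
INVENTORY = [
    {"name": "boardroom-tv", "remote_access": True, "remote_needed": False,
     "password": "admin", "firmware": "1.0.2", "latest": "1.0.5"},
    {"name": "hvac-controller", "remote_access": True, "remote_needed": True,
     "password": "k3!Vq9#xT2pLm8Zr", "firmware": "4.2", "latest": "4.2"},
    {"name": "lobby-camera", "remote_access": False, "remote_needed": False,
     "password": "Winter2014", "firmware": "2.1", "latest": "2.1"},
    {"name": "door-controller", "remote_access": False, "remote_needed": False,
     "password": "Winter2014", "firmware": "3.0", "latest": "3.1"},
]
# Short illustrative list; a real audit would use the vendors' documented defaults.
COMMON_DEFAULTS = {"admin", "password", "1234", "12345", "root", "default"}

def audit(devices):
    """Return {device name: [findings]} covering steps 1, 2 and 3."""
    reuse = Counter(d["password"] for d in devices)
    report = {}
    for d in devices:
        findings = []
        if d["remote_access"] and not d["remote_needed"]:
            findings.append("remote access enabled without need")
        if d["password"].lower() in COMMON_DEFAULTS:
            findings.append("default password")
        if reuse[d["password"]] > 1:
            findings.append("password shared with another device")
        if d["firmware"] != d["latest"]:
            findings.append("firmware update pending")
        if findings:
            report[d["name"]] = findings
    return report

def new_password(length=20):
    """Random string from the OS CSPRNG (secrets), never from random."""
    alphabet = string.ascii_letters + string.digits + "!#$%*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def replacement_passwords(report):
    """One fresh, distinct password for each device with a password finding."""
    return {name: new_password() for name, findings in report.items()
            if any("password" in f for f in findings)}

if __name__ == "__main__":
    report = audit(INVENTORY)
    for name, findings in report.items():
        print(f"{name}: {'; '.join(findings)}")
    print(f"{len(replacement_passwords(report))} devices need a new password")
```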
Businesses stand to gain a lot from implementing the kind of connected and automated environments that the IoT will allow. But along with the increased potential comes increased security risk.
IT departments are responsible for protecting business assets, employees and equipment, which means adjusting security strategies in line with evolving threats and technology.