As you’re reading this, two very large and ever-growing worlds are on a dangerous collision course: the world of cybercrime and the internet of things.
Right now, in 2016, the estimated number of connected devices worldwide is around 15 billion, and according to Cisco, that number could rise to 50 billion by 2020. In an even less conservative estimate by Intel, that number could reach as high as 200 billion over the same timeframe. The IoT is ready to explode.
Compare that with the also-rapidly-growing cybercrime problem, and we could be in for some serious issues. 2016 has brought us more cybercrime than we’ve ever seen, and according to web security firm Symantec, more than a million web attacks are now happening every single day. You can find that and many more alarming statistics in their annual Internet Security Threat Report.
This means that companies of all sizes are going to need to take IoT security very seriously and as we saw from the DDoS attacks on Dyn a few weeks ago, some still are not.
While a clear set of standards to support IoT security objectives has not yet been established, it is critical that enterprises, device/infrastructure manufacturers and owners of large IoT deployments have a strong foundational awareness of security best practices. And even more importantly, they need to put those best practices to work to keep devices safe.
These companies have a direct requirement to increase their awareness of IoT threats. The challenges are numerous here, but businesses can meet them head-on by educating security staff, auditors, pen testers and more on specific techniques and methodologies for deploying IoT solutions securely.
At Fast Lane, we have considered these challenges and the threats they pose to IoT solutions, and we’ve come up with a working list of best practices to help keep networks and devices safe:
1. Know the security posture and commitments of your IoT product/system provider. You can never know too much about how secure your IoT systems are.
2. Investigate the underlying security of your IoT components. Are they leveraging hardware-based security solutions such as the ones provided by Intel?
3. Ensure that the network and security professionals are well educated about the particulars of IoT-specific security requirements. In many cases, connectivity protocols for IoT devices may be foreign to IT professionals and basic education about this is crucial.
4. Simplify security. Look for hardware and platforms with integrated security capabilities to leverage and reduce security vendors in your architecture. Software-defined networking (SDN) and artificial intelligence (AI) are playing a role in reducing the complexity of security from the security team’s perspective. Build a security architecture that allows for smart automation wherever possible.
Finally, we highly recommend hacking your own systems. Simulate the very likely scenarios that your IoT devices will eventually face a hack. Is your network easy to bring down? Is your data easily infiltrated? If you can hack your systems without much trouble, the bad guys probably can too. These checks need to be performed regularly to account for changing environments and new technologies. Be prepared. If vulnerabilities are discovered, they need to be addressed immediately.
If you or your staff are unfamiliar with these methods or just lack the education to engage them, getting yourself up to speed as quickly as possible is important. Fast Lane offers courses that teach developers and programmers how to hack their own IoT infrastructure and devices, and build more secure IoT networks and systems.
Getting this education and beefing up your IoT security is critically important. As IoT adoption grows, all companies will need to take the appropriate steps to ensure a safe and secure IoT deployment.