A sua segurança IoT é robusta o suficiente?

Is your IoT security robust enough?

IoT devices present an attack vector that many organizations have not had to think about in the past.

Imagem em destaque

According to a new study from Kaspersky , 64% of companies use Internet of Things (IoT) solutions and 57% cite that their biggest concern with the technology is a cybersecurity breach. However, 43% report that at least one type of IoT device used is not properly secured. While this may not be the majority, the number of IoT devices multiplied by each company results in a significant amount of vulnerability in the business community. And that number is growing, with the global number of connected IoT devices predicted to increase by 9% by 2025

Cyberattacks are among the most disruptive things that can happen to any company, taking valuable resources away from critical tasks and diminishing the company's brand. IoT devices present an attack vector that many organizations have not had to think about in the past. Therefore, if your company is concerned about cybersecurity – and it should be – you must think beyond protecting traditional networks and devices. In the following sections, we explore steps you can take to improve IoT cybersecurity.

IoT in specific sectors

Before addressing IoT cybersecurity, it's important to understand how it is used in your industry. Here are some examples.

  • Health care. Patients with chronic illnesses use wearable IoT devices such as fitness trackers, pulse oximeters, and blood pressure watches to monitor their condition and send information about it to healthcare professionals. Other types of devices are used in hospitals to monitor the status of patients and medical machines.
  • Manufacturing. To improve manufacturing operations, IoT sensors can be attached to machines and equipment to collect data and ensure optimal functioning. This information allows operators to plan and schedule maintenance, repair and replacement in alignment with business processes and cash flow.
  • Logistics. IoT sensors are used to monitor the movement of shipments, provide data on information stored in warehouses, and monitor storage and transportation conditions.
  • Automotive. Connected devices allow cars and trucks to stay connected to valuable services such as safety networks, drive autonomously, alert drivers to needed maintenance, and track fleet vehicles.
  • Retail. Sensor-based capabilities enable physical retail establishments to provide new shopping experiences such as optimized fitting rooms, perfectly timed product information, and out-of-the-box functionality.

Understand the situation

In the past, the number of entry points for cybercriminals was limited. Now, the billions of IoT units in operation create additional attack vectors for hackers to enter enterprise networks, as the number of botnet DDoS attacks on IoT devices continues to grow. These attacks prevent websites from functioning, causing untold revenue and loss of reputation. Other types of attacks can lead to data loss and proprietary information being shared in public or with competitors.

The first step to preventing such scenarios while ensuring robust IoT cybersecurity is to get a sense of your entire digital ecosystem, from sensors in shipping crates or production machines to the smart refrigerator in the break room. Since multiple departments may have deployed smart devices on their own, it is important for IT to gather all of this information and create a database of each device and evaluate each device for risk factors.

Develop Procedures

The next step is to develop processes to close security gaps. The following specific actions are good starting points.

  • Use a strict access policy. According to a recent TechRepublic article, “A Zero Trust approach to security assumes that every network is breached, every machine is compromised, and every user is (unwittingly or not) at risk.”
  • Create a vulnerability management program. A vulnerability management program establishes an ongoing process for identifying and mitigating vulnerabilities.
  • Use a dedicated IoT gateway. An IoT gateway is a physical or virtual platform that connects IoT devices – such as sensors, IoT modules, and smart devices – to the cloud.
  • Ensure IoT governance. This approach includes rigorous checks and authentication of each new device, following manufacturer guidelines, prioritizing data privacy and ensuring compliance with security requirements.
  • Develop a cyber immunity approach. Cyber ​​immunity means that IoT devices are linked through other devices without additional security functionality, making the systems immune to certain cyber attacks.

Once these procedures are implemented, each device must be continuously monitored, including regular security audits.

Mitigate third-party risks

Even if you are doing everything you can to provide robust cybersecurity in-house, you may encounter additional problems with third-party vendors. For example, the vendor's employees may have access to your networks. While you want to think the best of them, you should treat them as if they were your employee, with Zero Trust measures in place. Not doing so is putting your entire organization at risk.

In addition to creating processes for internal security review and repair, you should evaluate the security posture of the companies you choose to work with and ensure they are willing to work within your security parameters. Make this step part of the vetting process for each potential new supplier. Also be sure to review your current suppliers to ensure they are in compliance with your policies.

Create a safety manual

Once you've recognized your industry's specific risk factors, taken stock of your digital ecosystem, and developed procedures to mitigate internal and third-party risks, document all of this information in a cybersecurity manual that outlines your policies. It should include how you will protect your systems, detect and respond to threats, communicate between team members, and recover data in the event of a breach.

Consider the alternatives

So, is your IoT security robust enough? Probably not. The best path forward is to assume that this is not the case and go from there to determine where you are now and what your next steps should be. All this effort may seem like a lot of work, but consider the alternatives, which include an at-risk system that you always have to worry about and the potential for a data disaster that you may not be able to recover from.

If you liked this, be sure to check out our other IoT articles.

  • Staff augmentation for the Internet of Things
  • How to assess security and privacy strengths and weaknesses in IoT devices
  • Chips, supply chains and IoT: challenges for a post-pandemic world
  • Tackling food insecurity through technology

Related Content

TCP/IP-based IoT communication with ThingSpeak platform: IoT Part 29

Monitor de temperatura IOT baseado em ESP8266 usando Adafruit Broker: IOT Parte 21

Monitor de temperatura IOT baseado em ESP8266 usando Adafruit Broker: IOT Parte 21

O Rails 8 está pronto para redefinir o Desenvolvimento Web

O Rails 8 está pronto para redefinir o Desenvolvimento Web

Sistema de detecção de incêndios florestais usando rede de sensores IoT

Sistema de detecção de incêndios florestais usando rede de sensores IoT

Como projetar um alarme inteligente baseado em IoT

Como projetar um alarme inteligente baseado em IoT

Controlando a luz LED no modo Zigbee API: IOT Parte 38

Controlando a luz LED no modo Zigbee API: IOT Parte 38

Sistema de monitoramento meteorológico baseado em IoT usando fótons de partículas

Sistema de monitoramento meteorológico baseado em IoT usando fótons de partículas

Photon Based Smart AC Outlet IoT Project

Photon Based Smart AC Outlet IoT Project

Sistema de eletricidade pré-pago baseado em IoT

Sistema de eletricidade pré-pago baseado em IoT

Como se comunicar entre PC e celular usando o protocolo MQTT via HiveMQ Broker: IOT Parte 18

Como se comunicar entre PC e celular usando o protocolo MQTT via HiveMQ Broker: IOT Parte 18

Comunicação M2M com segurança habilitada usando o CloudMQTT Broker: IOT Parte 19

Comunicação M2M com segurança habilitada usando o CloudMQTT Broker: IOT Parte 19

Como conectar o Arduino ao PC através da tecnologia Ethernet e protocolo MQTT: IOT Parte 24

Como conectar o Arduino ao PC através da tecnologia Ethernet e protocolo MQTT: IOT Parte 24

How to Create an IoT-Based Digital Menu Using the MIT Inventor App

How to Create an IoT-Based Digital Menu Using the MIT Inventor App

A Importância da Cibersegurança para Empresas

A Importância da Cibersegurança para Empresas

O Poder Transformador do Processamento de Eventos Complexos (CEP) na Era da IoT

O Poder Transformador do Processamento de Eventos Complexos (CEP) na Era da IoT

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.