#WorldIoTDay: Cybersecurity: The Next Frontier
While increasing awareness aiding digital disruption, hackers are also morphing their tactics and using complex algorithms and behaviour manipulation techniques
Bringing forth a critical dimension to IoT led businesses, cybersecurity is now imperative for security stakeholders to safeguard. In such an environment, it is important to step ahead with caution, insights and diligence to protect every aspect of an IoT deployment from all forms of attacks.
As IoT becomes more ubiquitous, data is turning into a more valuable commodity for the online hacker. Systems that contain cameras, microphones or personal data are usually highly vulnerable to being compromised. While individually this data may not be of importance to a hacker, collectively this data can fetch a tidy amount. For instance, a list of mobile phone numbers can be sold on the dark web, stolen hotel accounts or even a US credit card number with date of birth of an individual can be held captive in return of ransom.
By 2020 it is predicted that every individual worldwide will on an average have more than six connected devices. Wearable devices are essentially potential goldmines of information. Your phone for instance also enables unprotected access to apps including email, business and social media accounts, online banking and many more.
As hackers turn sophisticated, so should response and risk mitigation strategies. The first step towards protection is awareness. A layered security strategy that helps detect and isolate risks across the threat lifecycle will also help. From a suspicious email to a complex multi-stage DoS, most attacks can be traced to carelessness, recklessness or deviation from an established security measure. Thus, it is essential that all stakeholders agree to remain on alert always to thwart hackers at the initial stage itself. Individual users should try and avoid storing data of value on connected systems. These can instead be kept on devices or systems that don’t connect to the net often.
Keeping Your Data and Business Secure
Securing your information and data access points is key to securing your connected world. Begin by keeping track of your connected devices. Each IoT device should be identified, profiled, added to an asset inventory, and monitored for their health and safety. Devices should also be prioritized based and a risk profile created based on vulnerability and amount of data stored.
If a device can work well without being connected for a period (such as wearables), then use it accordingly. Create offline backups for historical data in devices and purge them from the device and online sources. You should keep a hawk’s eye on your data at all times. Data movement can reveal anomalous activity and possible intrusion before critical data is accessed or held hostage. Encrypt data using the strongest possible encryption and update data management protocols frequently to stress on the importance of data.
Review your online activities frequently to identify vulnerable activities and see how you can make them less prone to being compromised.
Guarding the Entry and Exit
A typical IoT installation comes with multiple endpoints each of which could serve as an entry point for an attack on the whole system. Protecting each point using layers of security and access restrictions is a must. Using honeypots is another option. A honeypot is a decoy set up to lure cyberattackers, and to detect, deflect or analyze attempts to gain unauthorized access to information systems. Honeypots are designed in a manner to purposely engage and deceive hackers while revealing malicious activities performed over the system. Multiple honeypots can be also be established on a network to form a honeynet. Honeypots are now becoming a common tactic to identify methods used by hackers to penetrate networks.
Vigilance With Diligence
The best strategy for defeating malicious attacks is eternal vigilance with diligence. Systems, employees, users, customers and every part of the system must be on a constant state of alert to detect and flag anomalous activity. Simple steps like providing multi-factor authentication and creating data back-ups can go a long way in protecting your business.