How do you bring law to the Wild West of the IoT?
Headlines keep saying that the Internet of Things, billions of web-enabled devices that share information via cloud services, is coming.
The fact is, it’s already here. From mining companies using thousands of sensors on plant and machinery to refine their maintenance schedules through to the IP camera that your business just installed beside the front door. We’re already in the middle of the IoT boom.
But, like many great innovation waves, the rush to solve problems and add functionality to previously standalone or directly network-bound devices has created a new problem – in this case it’s network security. There are numerous stories of IoT security failures that have already happened where adding a layer of security was more expensive than the minimum viable product, so it was skipped.
Suddenly, new, nuanced operating systems and devices with functional but “loose” programming (such as putting passwords in open code or simply not requiring a password at all) are becoming part of corporate networks, effectively creating a back door for malware and hackers to creep into your business.
Over time, just as with other great advances in technology like credit cards and mobile phones, internet-capable devices will be subject to new standards that will control how they are secured and the Wild West will be tamed.
But before that day, what can you do to secure your network against a data breach?
There are at least three key steps you can take that will secure you against 85%+ of all attacks:
- Change the default password if it’s too simple. If you have a device where the operating manual says that the password of the device is “password” or “open” or “1234” then you need to change it straight away. It doesn’t take much probing for a piece of malware to work out a simple password. Tests we’ve conducted take as little as 11 minutes to crack a simple password like that.
- Add Continuous Vulnerability Scanning (CVS). CVS is where a network security company installs a piece of software on your network that continuously compares the network-connected devices and their operating software to a list of previously-identified vulnerabilities, ready to alert you the moment that either a device with flaws is connected to the network or a new vulnerability has been detected in a piece of hardware. The CVS software also alerts you to the degree of risk that you are exposed to if the device remains connected and the fix if one has been identified.
- Deploy Application Whitelisting. This is where the operating environment in your network is locked down so that only permitted applications can execute. It means that even if an IoT device is compromised, new software can’t be introduced that would breach your corporate network. The process takes a couple of weeks before your whitelisted operating environment is ready to go live, but after that, you’re much more secure.
IoT promises many great things. But it also guarantees to cause you heartache unless you’re proactive in ensuring that the new additions to your network are secure.
Talk to an IoT specialist company like Computer One today.