Internet of Things in Businesses
What is Internet of Things (IoT)?
The Internet of Things (IoT) refers to the network of everyday web-enabled objects that can connect and exchange information. These “smart” objects include more than your average computer, smartphone, or tablet. They include items like personal fitness trackers, TVs, thermostats, or connected cars. In the industrial sector, these devices have earned their own term, “Industrial IoT” (IIoT), which refers to the instrumentation and control of sensors and devices that engage cloud technologies. Some common applications of the IIoT are smart manufacturing, smart power grids and smart cities. Without a doubt, the number of IoT devices is growing rapidly. IoT Analytics has projected that we will have more than 30 billion IoT connections by 2025. That is an average of four IoT devices per person. Understanding how to secure these devices and minimize your cyber risk is paramount to your organization.
How does it work?
IoT devices require little to no input from you after they have been set up. They have embedded sensors, electrical components, and software that collect data and information from other devices on the network. The data is sent from your network to the cloud for processing. This is where it is shared with other network-connected devices through Bluetooth, Wi-Fi, or Radio Frequency Identification (RFID) technologies.
Examples of organization-related IoT devices
- Teleconferencing equipment
- Smart boards
- Smart speakers and other voice-activated devices
- Intelligent equipment sensors
- Smart meters (e.g. electrical and water meters)
- Intelligent motion sensors and air sensors
- Networked security cameras
- Corporate vehicle fleets
- Multifunction devices (MFD) (e.g. printers, fax machines)
- Smart appliances (e.g. kettles and fridges)
- Point of sale (POS) systems
- Modern building control systems (e.g. HVAC, electrical, water)
- Corporate mobile phones and portable IT equipment
- Smart watches or fitness trackers
Are there risks associated with IoT?
According to IntellectSoft, the primary source of security issues with most IoT devices is that manufacturers are not investing enough time and resources in security. As a result, many of these devices lack security controls and encryption capabilities. Threat actors can take advantage of these vulnerabilities to gain access to your network. Some examples are as follows:
- Compromising environmental control systems and smart appliances
- Gaining unauthorized access to company building security controls (e.g. unlocking doors, viewing surveillance cameras)
- Taking control of MFDs to maliciously disrupt Internet access (e.g. Mirai botnet attack)
- Accessing microphones remotely on IoT devices to listen in on sensitive conversations
- Taking control of a car’s safety features
- Controlling a hospital’s medical equipment (e.g. interfering with magnetic resonance imaging [MRI] systems)
- Accessing sensitive data or personal information (e.g. customer names and credit cards) through unsecured IoT devices that are connected to company networks
Is it possible to secure IoT devices?
You cannot eliminate the security risk; you can only limit it. If you choose to allow IoT devices into your business, you should first understand the security capabilities of the devices and the types of data that they send and receive. It is in your organization's best interest to implement plans and policies to minimize the cyber security risks. At a bare minimum, your plans and policies should address the following:
- Restrict personal devices to the BYOD network (guest Wi-Fi network)
- Change default passwords on devices. If password rules allow, use passphrases
- Enable two-factor authentication for devices
- Disable features not in use
- Ensure data generated by IoT devices is encrypted
- Turn off any automatic connection services
- Ensure all networks are protected by a Next-Generation Firewall
- Update IoT devices regularly
- Isolate IoT networks to restrict their access to systems managing sensitive data
- Research reviews and security ratings on manufacturers and products
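One way to check a device inventory against the checklist above, shown as an added example that is not part of the original article. The subnets, the 90-day update window, and the inventory field names are assumptions made for illustration.

```python
import ipaddress
from datetime import date
# Assumed network plan (constructed for this example, not from the article).
GUEST_NET = ipaddress.ip_network("10.20.0.0/24")   # BYOD / guest Wi-Fi
IOT_NET = ipaddress.ip_network("10.30.0.0/24")     # isolated IoT segment
MAX_PATCH_AGE_DAYS = 90                            # assumed update policy

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"name": "lobby-camera", "ip": "10.30.0.11", "personal": False,
     "default_password": False, "two_factor": True, "encrypted": True,
     "auto_connect": False, "unused_features": [], "last_update": "2024-05-02"},
    {"name": "boardroom-speaker", "ip": "10.10.0.40", "personal": False,
     "default_password": True, "two_factor": False, "encrypted": False,
     "auto_connect": True, "unused_features": ["upnp"], "last_update": "2023-01-15"},
    {"name": "visitor-watch", "ip": "10.30.0.77", "personal": True,
     "default_password": False, "two_factor": True, "encrypted": True,
     "auto_connect": False, "unused_features": [], "last_update": "2024-04-20"},
]

def audit_device(dev, today):
    """Return the list of checklist items this device fails."""
    findings = []
    ip = ipaddress.ip_address(dev["ip"])
    # Personal devices belong on the guest network, everything else on the IoT segment.
    expected = GUEST_NET if dev["personal"] else IOT_NET
    if ip not in expected:
        findings.append(f"wrong network segment (expected {expected})")
    if dev["default_password"]:
        findings.append("default password still set")
    if not dev["two_factor"]:
        findings.append("two-factor authentication disabled")
    if dev["unused_features"]:
        findings.append("unused features enabled: " + ", ".join(dev["unused_features"]))
    if not dev["encrypted"]:
        findings.append("data not encrypted")
    if dev["auto_connect"]:
        findings.append("automatic connection services on")
    age = (today - date.fromisoformat(dev["last_update"])).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"last update {age} days ago")
    return findings

def audit(inventory, today):
    """Map device name -> findings for devices that fail any check."""
    return {d["name"]: f for d in inventory if (f := audit_device(d, today))}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(name, "->", "; ".join(findings))
```

The firewall and vendor-research items on the list are not covered here because they cannot be read from a per-device inventory record.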
The Takeaway
The key takeaway is that if you take the risk of allowing IoT devices into your business network, you should safeguard that network by making sure the devices meet security ratings, that they are on a separate network with multi-factor authentication enabled, and that their communications are encrypted. Lastly, implement plans and policies to govern and monitor the devices.