Security, Part 6: The Vulnerability of the Internet of Things

February 8, 2017

Woman puts her finger on an icon of a house shown on the touch screen of a digital tablet. The tablet runs a smart home app. Concept of controlling wireless devices at home, also know as internet of things.

In early 2014, more than 100,000 Internet of Things (IoT) devices, including home appliances, were manipulated into sending 750,000 phishing emails over the course of about two weeks, waking the world up to a new threat.

The IoT offers promise in terms of data gathering and efficiency for your facility. However, as facilities start introducing more and more IoT devices (according to one estimate there will be 212 billion connected “things” by 2020), transmitting more and more data via cloud, and making more and more decisions at machine speed, there will be more opportunities for threats and breaches.

IoT devices are attractive to cybercriminals. They are a potential source of data to steal and they are a potential point of entry in order to deny service, hold organizations ransom, or cause physical damage. So far, we have seen very few of these kinds of attacks, but cyber security firms like McAfee and Symantec point to this as one of the worst looming cyber security threats, with ransomware being the primary weapon. According to a McAfee report, “We are certain that ransomware will readily migrate to IoT, as it has proven to be a relatively easy way for criminals to make money…. We already see IoT devices being held for ransom in the power distribution and health care verticals.” Experts also see IoT devices being used as points of entry for intellectual property theft.

Currently there are four main problems with IoT security:

  • Older devices have known vulnerabilities
  • Seemingly innocuous devices are connected to networks without appropriate isolation
  • Many new devices have weak or no security
  • There is not enough attention being paid to the system controllers or aggregation points

How to protect your facility
To quote the great philosopher G. I. Joe, “knowing is half the battle.” This is true with IoT security. Now that you know the four big problems, you can begin to address protective solutions.

  1. Find out the security of your existing devices. IoT security is a relatively new threat and most existing devices are not protected or have inadequate protection. Create (or update) passwords, update all software and, where necessary, buy software to protect your devices. (Vanguard can assist you with this.)
  2. Itemize all devices attached to your IoT to make sure nothing was added without your knowledge. Make sure everyone with any connection to your IoT network is aware of this threat, so they know not to add devices without prior authorization.
  3. Check the security of new devices before buying.
  4. Don’t forget your control plane or your aggregation points.

The benefits of the IoT outweigh the possible risks, and experts agree that this will be true for the foreseeable future. But you need to take some precautions to ensure that you’re not leaving your entire facility vulnerable to a crippling attack. If the IoT already plays a big part in your facility, now is the time to shore up your protection.

For help with your IoT security, contact Vanguard Resources.