Securing Internet Of Things

July 6, 2016

A few days ago I spent some considerable time with an Internet Of Things security expert who mesmerised me with how a world with billions of interconnected devices will communicate and share information with one another simultaneously. However much information I had, the expert left me in awe.This may sound like a typical scene from a tech jargonist but in reality, the rapid proliferation of smart devices sensors, cameras, software, databases and gigantic data centres is now more common than ever. In brief description, Internet Of Things refers to the growing number of connected intelligent systems, devices and sensors from automobiles and manufacturing systems to wearable devices, appliances, surveillance cameras, smart energy grids, home and building automation, medical systems and televisions that are generating and sharing massive amounts of data. According to the expert, IOT is basically the intelligent interactivity between humans and things to exchange information and knowledge for new value creation and is one massive information system with the ultimate goal of making life better in the digitalised world. In his own words, with more physical objects and smart devices connected in the IoT landscape, the impact and value that IoT brings to our lives are becoming more prevalent.However, compromised IoT devices can be misused for DDos attacks, cyber warfare, malware attacks, advanced persistent threats without a proper secured network.

He shared with me why IoT is the next frontier in digital technology. It will inspire new working practices and business processes, spark a new wave of innovation, enable more companies to penetrate new markets and industries and encourage greater investments in technology.Because of that, securing IoT represents herculean tasks in terms of the type, scale and complexity of the technologies and services that are required. Not surprisingly, cyber-attackers are also turning their attention to the growing IoT space and exploiting potential security vulnerabilities at an alarming rate. IoT is expected to open the floodgates to cyber threats as all things connected to the Internet have increased cyber-attack surfaces exponentially. The more connected one is, the more vulnerable one becomes.According to expert, a hyper-growth in IoT technologies will mean consumers and organisations will have to put users’ information, privacy and security at great risk. According to him,there was a study that he was involved in which showed that there was a 500% increase in vulnerability scans of IoT devices in 2015 alone.And with such high number of exposed vulnerabilities, it can be very daunting for cyber security experts to safeguard the large amount of information.Securing a network is getting more difficult as malware can now easily bypass the traditional firewall. Consequently, the surface attacks become wider and deeper due to IoT. The expert also told me that most connected devices are created with simple malware detection, if any. This makes it easier for cybercriminals to compromise the network. IoT security needs to be addressed on multiple layers. The biggest risk lies within the devices themselves, as well as from the platforms that support those devices. The software used for IoT devices is vulnerable to threats as most are built on open source libraries and components. As a developers, he told me I need to be aware that to create a robust product, I must secure software development practices, backed by rigorous testing programs to identify and fix patches.

He also pointed out that IoT security is not with the device as such but how and more importantly where the device is used. Unknown devices that are introduced to an organisation’s network opens up new vulnerabilities. Thus, he stressed the need to institute clear technology acquisition guidelines and enforced periodic administrative and security assessments. This, in his own views, will enable different IT departments within the organisation to communicate their needs and identify any IoT devices in the network to ensure security and stability of all of business resources.He shared with me how his experience of working with Japanese organisations proved that even in developed world, most firms are still discovering the cybersecurity repercussions of IoT. Even in Japan, it is an enormous task to accomplish due to the sheer size, ability and variability of connected devices and appliances.He added that it is important that a cybersecurity team within a company is equipped with the right skills and expertise to identify connected IoT devices, ensure the traffic is smooth, secure all data and be able to distinguish the different types of communications that exist within the network.Overall, I learned that with multiple IoT devices being interconnected in various locations and security profiles, a more dynamic and secure policy enforcement is required but it was clear that it is almost impossible for people to keep up with the numerous amounts of threats and alerts. Organisations should be prepared and ensure correct practices and security controls are used accordingly to safeguard the large amount of data. It is critical for companies to ensure that actions are taken once danger is realised. Organisations must not only understand the importance of addressing today’s IoT security issues, but also rethink their cybersecurity strategies in order to build a safer and more secure digital world.

Contador Harrison