In a contributed article to Internet of Business, George Smyth, director of R&D at software development company Rocket Software, talks us through the precautions every business should take to ensure that IoT devices on its network edge don’t compromise the security of internal IT systems.
When it comes to suffering a data breach as a result of poor IoT security, the stakes have never been higher. The EU General Data Protection Regulation (GDPR) is just on the horizon and with it will come staggering fines for organisations that fall victim to the theft of customer data – up to €20 million or 5% of turnover, whichever is higher.
While last year’s Mirai DDoS attack demonstrated how hackers could use hundreds of thousands of internet-connected devices infected with malicious code to take down websites in the US and Europe, more attention needs to be paid to just how dangerous badly protected IoT devices can be.
In fact, some security experts are suggesting that if we don’t drastically change approaches to IoT security, IoT might just as well stand for ‘internet of threats’, or even, the ‘insecurity of things’. Clearly, companies need to do more to ensure that a proliferation of connected devices on the edge of their networks doesn’t compromise the security of internal IT systems.
The concept of ‘security by design’ is a crucial component when it comes to the creation of IoT-connected devices. Any piece of IoT technology, whether it’s for business or consumer use, should be created with security as a fundamental component. What’s more, companies need to be aware of the technology solutions out there that are designed to protect IT systems and devices from security breaches.
But looking beyond this, there are a few simple steps that every company should be taking to protect IoT systems from day one.
Step one: Choose the providers of IoT devices carefully
It is critical to do due diligence when choosing an IoT device provider. Ensure it is a well-known and reliable supplier, likely to be around for the long term. IoT devices need to be updated regularly, especially when a new security flaw is discovered. If you bought from a company that has gone bust, you’ll end up with a device that is basically useless. You need to buy from a manufacturer that will be around for years to come, so they can provide patches and fixes to any security bugs that may arise, and so you can be sure any patches are applied in a timely fashion.
Step two: Invest in a network analysis tool
It is not enough to simply rely on suppliers. It is also important to invest in a network analysis tool to monitor activity and quickly identify potential security issues. Otherwise, you risk missing instances of information being accessed without permission or at unexpected times. These signs can point to a breach of your IT system through IoT devices.
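As an added illustration (not part of the original article), the sketch below shows the kind of check such a tool performs: it flags traffic from IoT devices that goes to a destination the device is not permitted to reach, or that occurs at unexpected times. The device addresses, the policy table and the CSV flow format are all hypothetical and constructed for this example.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Hypothetical policy: networks each IoT device may reach, and its active hours (24h clock).
POLICY = {
    "10.20.0.11": {"allowed": ["10.20.0.0/24", "10.0.5.10/32"], "hours": (7, 19)},  # badge reader
    "10.20.0.12": {"allowed": ["10.20.0.0/24"], "hours": (0, 24)},                  # camera
}

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2017-06-01T09:15:00,10.20.0.11,10.0.5.10,443
2017-06-01T02:40:00,10.20.0.11,10.0.5.10,443
2017-06-01T11:05:00,10.20.0.12,10.0.8.20,445
2017-06-01T11:06:00,10.20.0.12,10.20.0.1,123
2017-06-01T03:10:00,10.20.0.11,10.0.8.20,1433
2017-06-01T10:00:00,10.20.0.99,10.0.5.10,443
"""

def check_flow(ts, src, dst, policy=POLICY):
    """Return the reasons a flow is suspicious (empty list if it matches policy)."""
    rule = policy.get(src)
    if rule is None:
        return ["unknown device"]  # source is not in the device inventory
    reasons = []
    dst_ip = ipaddress.ip_address(dst)
    if not any(dst_ip in ipaddress.ip_network(net) for net in rule["allowed"]):
        reasons.append("destination not allowed")
    start, end = rule["hours"]
    if not (start <= ts.hour < end):
        reasons.append("outside expected hours")
    return reasons

def find_alerts(flow_text, policy=POLICY):
    """Parse CSV flow records and return (timestamp, src, dst, port, reasons) per alert."""
    alerts = []
    for ts, src, dst, dport in csv.reader(io.StringIO(flow_text)):
        reasons = check_flow(datetime.fromisoformat(ts), src, dst, policy)
        if reasons:
            alerts.append((ts, src, dst, int(dport), reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```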
Step three: Make network management protocols a priority
Connected devices often come with an in-built protocol from the manufacturer that will allow you to monitor internal activity – but this often isn’t enough if you’re looking for the most robust security. For businesses, it is crucial to choose IoT devices that support Simple Network Management Protocol (SNMP), the worldwide standard for network management, allowing them to be monitored by intrusion detection and prevention systems. This way, you will have more detailed and comprehensive monitoring and analysis of a device, and be able to pick up on any unauthorised attempts to access it.
Security can’t be an afterthought
At the end of the day, the number of IoT security breaches is only going to grow. As such, securing connected devices can no longer be treated as an afterthought. If we’re ever going to realise the full potential of the technology, companies need to ensure they’ve made security a priority from the very beginning.