Blog
Protecting Against IoT Vulnerabilities: IoT Security Solutions in 2020
As someone who has been in the technology business for over 25 years, it’s safe to say that I’ve seen a lot of so-called tech trends come and go. But one that I find truly exciting is also one that is very much here to stay: IoT, also known as, the Internet of Things.
In no uncertain terms, the implications of IoT are enormous. We’re already seeing them play out in our personal lives, as even your average consumer likely has many different IoT devices all over their homes such as smart fridges, wireless thermostats, garage door openers, and door locks.
But it isn’t just consumers that are benefiting from these exciting trends. Businesses- notably hospitals- are embracing IoT with open arms, too. If you walk into your average hospital, more than 50% of the devices that you see in front of you will be connected to the Internet of Things in some way. These devices are constantly creating and sharing data with one another, in order to provide a better degree of proactive healthcare to the patients who need it the most.
But whether you’re talking about a personal or business application of IoT technology, they’re still heavily reliant upon your wireless networks to work properly. If your wireless network goes down at work, suddenly that IoT-powered TV you have on the wall of your conference room for video meetings won’t operate as you need it to. Most importantly, it’s clear that healthcare providers can’t let a spotty wireless internet connection get in the way of a patient’s critical, life-saving medical device.
Security and the Internet of Things: The State of the Situation in 2020
But even more so than general reliability, IoT depends on SECURE wireless connections to make things possible. Remember that literally any device connected both to your network and to the internet are a potential vulnerability just waiting to be exploited by someone with malicious intentions. Now, think about all of those IoT devices you have and the potential risk you’re exposing yourself to without some way to properly secure and manage them moving forward.
One of the things that really makes these goals difficult is that a lot of the devices we’re talking about are seldom updated to address security issues and related matters. Think about things from the perspective of your average personal “smart home” user. How often is that electronic lock that you installed on your front door really updated? The next time you go into the app that controls your smart lighting equipment, check to see when the last firmware update was issued – was it even in the same calendar year we’re currently in?
Now, realize that the IoT in the world of business is still operating in largely the same way. A lot of the devices that are powering offices, factory floors and similar professional environments are updated just as rarely – if they’re updated at all. This, of course, is a problem. It doesn’t mean that security vulnerabilities don’t exist. It just means they’re not being addressed in any type of appreciable way.
Many don’t realize that these devices will need to be updated on a regular basis- just like laptops or smartphones- to give you access to the latest patches, bug fixes and – most critically – security updates. The scary reality is that you’re only as strong as your most recent update; Think about what a hacker could do if they were able to access those same live video feeds remotely without your knowledge. In addition to this, the fact that these devices oftentimes are missing central management consoles requires that devices are updated on an individual basis rather than en-masse. The devices themselves may have connected to one another in the ways in which they were designed to, but from the management side of things, you were still largely looking at assets that have to be maintained individually.
Indeed, security is maybe the most important topic to discuss when talking about the Internet of Things in 2020 and beyond. Not only do all of these devices need to be constantly accessible, but they also need to be locked down so that they can’t be accessed or breached in a way that would cause catastrophic disasters across the board.
The Dangers of Poor Network Security in the IoT Age
While on the topic of security, it’s equally important to understand that staying safe with regards to the Internet of Things is about more than just securing the devices themselves. As covered above, this is very important – but it’s also just one small part of a much larger story.
It’s equally important to protect the network that these devices are using to connect with one another. Think about all of the critical data that something like a medical device is creating on a regular basis. Now, realize that even if the medical device itself is locked down if your network ISN’T you’re potentially exposing all of that information to anyone who knows what they’re doing.
Therefore, one of the most important steps that businesses can take to protect both themselves and their customers in the IoT age involves enforcing more stringent password sophistication rules than ever before. Not only should passwords be complicated, they should also be changed on a regular basis – the stakes are far too high to ignore this.
If employees are having a hard time creating sophisticated passwords (and worry that they won’t be able to remember them), a business should absolutely invest in a password management tool to help make this far easier. Not only will this remove the dependence on the end-user to create strong passwords, but in a lot of industries (like those governed by HIPAA) it’s actually a regulatory requirement.
Along the same lines, businesses should absolutely embrace techniques like log monitoring and auditing – both of which are far more sophisticated than anything a standard firewall offers.
The types of tools that fall under this category not only provide real-time notifications and alerting when something goes wrong, they’re actually paying close attention to ALL network activity 24 hours a day, seven days a week, 365 days per year. Not only that but logs also often include crucial information like destination and source addresses, timestamps of suspicious activity, user information and more.
I’ve said it before and I’ll say it again – in the era we’re currently living in, you cannot stop yourself from becoming the target of hackers with malicious intention. There is no business “too small” to attract the wrong type of attention and, if anything, it’s no longer a matter of “if,” but “when.”
Having said that, strong password practices coupled with log monitoring and auditing can prevent you from becoming a victim by allowing you to stop a small problem now before it becomes a much bigger one later, which is ultimately the most important benefit of all. This will only become more important as the Internet of Things age continues, and as more and more devices begin to populate every corner of our personal and professional lives.
The Future of Technology Has Officially Arrived
So, if nothing else, understand that even more so than securing your wireless network, you need to take steps to secure those IoT devices themselves. The risks are far too great to take a reactive, “lax” approach to this topic, especially for patients depending upon that technology. Even over the next five years, the IoT industry is going to unlock a huge amount of potential for businesses in just about every industry you can name – alongside a higher degree of risk as well. But provided that you understand the unique requirements that securing IoT devices demand, you’ll be able to enjoy all the benefits with as few of those potential downsides as possible.
Security: The Most Important Factor Impacting the IoT in 2020 and Beyond
If you'd like to use 2020 as an opportunity to finally secure your IoT infrastructure for all-time, great - that's exactly what we want too. I'd recommend contacting either myself or one of my colleagues at TSI so that we can find out more about your business and the IoT technology you rely upon. For additional insights into other TSI IoT resources, please refer to our resources IoT page here.
Categories
- Backup & Disaster Recovery
- Business Operations
- Case Studies
- Cloud Services
- Cyber Security
- Employee Spotlight
- Finance & Budgeting
- Glossary Term
- Governance & IT Compliance
- Managed Services
- Mobile Device Management
- Network Infrastructure
- NIST 800-171 & CMMC 2.0
- PCI
- Podcast
- Project Management
- TSI
- Uncategorized
- vCIO
Cyber Security Policy Starter Kit:
10 Critical Policies That Every Company Should Have in Place