For years, experts have warned about the danger of Internet of Thing devices, often built by companies on the cheap with little or no interest in building security into their products. Many of these insecure devices have found their ways into businesses, interacting and exchanging cloud-based information with other parts of the corporate infrastructure.
With the emergence of powerful IoT malware such as Mirai, the bad news predictions are being borne out. The reality is that any connected device provides an attack vector for adversaries.
Still, the prospect of malware-infected devices repurposed as a zombie army acting at the behest of cyberattackers hasn’t slowed IoT adoption. Just the opposite is true, in fact. Companies in sectors such as manufacturing, transportation, healthcare and utilities continue to deploy IoT devices in ever-greater numbers, and researchers expect billions of devices will be in use around the world by the end of this decade.
Your plan of attack
When it comes to IoT security, there may be no silver bullet. But that doesn’t mean you’re left defenseless. As the AT&T Cybersecurity Insights report notes, companies can mitigate the threats by adopting a proactive approach that builds in security from the start. The goal should be to lay down a strategy that aligns IoT security with the organization’s existing cybersecurity policies and systems.
Here are seven blocking and tackling tips your cybersecurity team should implement.
- Order a device assessment to track where IoT devices are being deployed and how they operate with the rest of the infrastructure.
- Identify any security vulnerabilities so that the IT team can swing into action to make any necessary fixes.
- Change any standard default log-ins and passwords Leaving default credentials in place will only invite trouble as botnets frequently scan for IoT systems that use factory-default or hard-coded usernames and passwords.
- Keep all your devices up to date with all the latest security and firmware updates.
- Security ought to be treated as a priority as high as functionality. If your organization intends to develop its own IoT apps, make sure that security testing is front-and-center, not an afterthought.
- Adopt an end-to-end, data-centric security approach by encrypting all communications, commands and values transmitted from any IoT device to the infrastructure.
- Telecommuting employees should only connect through secure Wi–Fi, and not use public Wi-Fi at the corner coffee shop or airport lounge. Spell out specific policies and controls telecommuters must abide by.
The very connectedness of the IoT leaves it open to security and safety vulnerabilities. But by implementing a tight security policy for your growing arsenal of IoT devices, your organization will go a long way to guarding against IoT-powered zombie attacks.
Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.
Sponsored by AT&T
Want to know more about Cyber Security and Threats, contact us here