'Internet of Things' Security Concerns: How IT Pros Can Save the Day
By Ashley Brooks on 07/26/2016
You may think people are the only ones using the internet, right? Wrong. The internet has become a tool all sorts of devices use--smartphones, TVs, gaming systems and even home appliances!
This phenomenon is called the Internet of Things (IoT) and it allows for some pretty amazing technological feats. Want to see who’s at the door without getting up to check? No problem! How about automatically starting the coffee maker when your alarm goes off? Done!
"Each device or gadget that is connected has the potential of being compromised."
But the perks of IoT come with risks you may not have realized. Internet of Things security has become a real concern for IT pros across the industry.
“Each device or gadget that is connected has the potential of being compromised,” says Rob Boirun, manager of VPN service IPinator. He explains that while IoT is meant to simplify our lives, it could ultimately lead to trillions of vulnerabilities.
We spoke to experts in the field to learn about the biggest Internet of Things security concerns and what IT pros can do to prevent breaches.
‘Internet of Things’ security concerns you need to know about
The root of the problem with IoT security is that once one device has been compromised by malware or hackers, all connected devices become susceptible as well. Even more concerning is the lack of regulation when it comes to ensuring the security of IoT devices.
“IoT devices tend to have weaker security protections than regular computers,” says Mike Baker, founder of cyber security service provider Mosaic451. With so many manufacturers in various channels, there are no common controls regarding passwords, encryption or other security measures, according to Baker.
Our experts indicated that these are three of the biggest IoT security concerns:
1. Privacy violations
Many IoT devices have built-in cameras or microphones, such as home security cameras or baby monitors. These cameras are a reassuring way to keep an eye on your home from afar. But in the wrong hands, they can also be used to spy on you and violate your privacy.
In one case, critical vulnerabilities were discovered in a wide range of IoT baby monitors, according to Kevin Shahbazi, CEO of cloud-based security solution LogMeOnce. Hackers were able to access the live video footage, change the camera settings and authorize other users to remotely view and control the monitors.
2. Compromised physical safety
It may sound convenient to have an app that adjusts your home thermostat or controls the lock on your front door. But these conveniences could be used to endanger your physical safety, according to Edward Kiledjian, chief information security officer at Bombadier Aerospace.
A hacker could easily use a compromised IoT device to do everything from unlocking your door and disabling your alarm system to changing your physical environment by turning off your home’s heat, Kiledjian explains. These possibilities can expose families to real physical harm, putting IoT security concerns on a whole new threat level for consumers.
3. Network threats
The average Joe isn’t the only one vulnerable to compromised IoT devices. Unsuspecting businesses are also targets, according to Shahbazi.
“Not only are business owners unaware of what data is stored on IoT devices, but there are also broader issues around what data can be transmitted from these devices and where that data may ultimately end up,” Shahbazi says.
Many companies have started making expensive investments to protect themselves from IoT threats. But it only takes one employee using a connected device on an unsecured network or copying data to the cloud to place a whole business at risk from hackers, Shahbazi explains.
Preventing ‘Internet of Things’ security risks
Our experts agree that the best security fixes lie within the companies that are manufacturing IoT devices in the first place. “Unfortunately most manufacturers are more interested in selling a cheap, half-baked product than delivering a secure, high-quality device,” Kiledjian says. Naive consumers continue buying the inexpensive, unsecured devices, which drives the manufacturers to continue the vicious cycle.
So what’s being done to prevent security breaches? Kiledjian notes that some IoT manufacturers, such as Ring Video Doorbell, are stepping up to the plate by providing remote upgrades to patch known security risks. But if other IoT companies aren’t willing to protect their customers, prevention will have to come from IT pros.
“IT pros are aiming to provide an up-to-date understanding of where the threats are coming from in order to stop an exploit from happening,” Shahbazi explains. When it comes to the interconnected chain of devices that make up the IoT, he sees IT pros as the guards ensuring that security is factored into each link.
How the ‘Internet of Things’ affects IT pros
With all of this pressure on IT pros to take care of the security issues manufacturers are ignoring, you may be wondering how the Internet of Things is affecting IT jobs. The answer is that IT workers in all industries and at all levels need to stay aware of possible threats to protect their company and their customers.
“Businesses and IT departments should be wary of IoT in terms of connected devices and the security of their networks,” Shahbazi warns. He also recommends that IT pros work with their companies to create a separate network specifically for IoT devices to ensure maximum safety. Baker suggests that IT managers push for secure mobile device management, which would ensure that every employee’s device met minimum security standards.
"Security is a balancing act and a risk evaluation exercise."
Though a separate, secure network and increased authentication methods can certainly help the problem, Baker adds that IT pros shouldn’t rely on technology to prevent security breaches. “If you examine the largest data breaches, phishing scams and companies held hostage by ransomware in 2015, technology did not protect the vast majority of these companies. Employees must be thoroughly trained on cyber security practices and security awareness---and this training must be an ongoing process.”
The bottom line is that IT pros should be well acquainted with risk management if they want to avoid IoT security concerns. “There is no such thing as ultimate or perfect security,” Kiledjian says. “Security is a balancing act and a risk evaluation exercise.”
Could you help prevent cybercrime?
With technology constantly evolving, IT pros are tasked with the job of keeping would-be cyber criminals away from private data. Now that you know why the Internet of Things security risks are keeping IT pros on their toes, you may be interested in learning more about the professionals devoted to defending private data.
Check out these 5 Fascinating Infosec Jobs that Help Combat Cybercrime to find out more. One of them could be your future IT career!