There are some serious challenges to securing Internet of Things devices. Simply applying old school cyber security practises does not really work.
Even a fairly simple IoT network might include hundreds of different devices and sensors. Creating secure passwords for so many devices is not a trivial task. Ensuring that every one of them is running up to date operating system is a difficult job when some of the devices might not even be connected in such a way as to allow ‘over the air’ updates.
Even if you could get the updates to the right device you might find it doesn’t have the necessary additional memory to update properly.
This was the problem for some devices which fell victim to the Mirai botnet attack last year – the malware targeted devices running out of date operating systems.
The greatest current threat for IoT devices is that they are used to create botnets – networks of machines used by cyber criminals to power other attacks.
To create a safe and secure IoT project means thinking about security from the very start.
It means ensuring that any device connected to your network has a decent password and enough storage to keep operating systems up to date.
But it also means ensuring you have network monitoring systems which can keep an eye on what the devices are doing.
IoT devices should have a recognisable ‘fingerprint’ of typical activity. Intelligent security systems which recognise this print should also be able to quickly isolate devices which start behaving differently.
Security systems should understand what devices do and what other systems they need to exchange data with.
But don’t think all the onus is on you. Make sure you ask the right questions to IoT manufacturers and installers.
Although IoT requires some new thinking about cyber security it also means remembering the basics – anything connected to your network is a potential attack vector.
So putting an unprotected IoT device of any type is just as dangerous as plugging in an unprotected PC.
