IoT security has become one of those harrowing buzzwords over the past few years, as connected devices have gone from a seemingly innocent addition to increase convenience in your life to a potential avenue for attackers to steal or control your data. IoT shouldn’t be scary, what it should do is propel us to take a fundamentally different approach to cybersecurity to ensure this new form of data collection isn’t exposing us to risk or causing us harm.
Recent research has shown that there are 8.4 billion IoT devices in use today – that number is expected to surpass more than 20 billion by 2020. This sheer magnitude and scale of new devices is one of the key issues leading to an increase in risks across our ecosystems. If we adopt a few best practices we can help ensure that the data collected by these devices remains safe. Here are three ways to make that happen.
Automate. The less you need to worry about keeping your devices secure, the better. For that reason, automating security whenever possible is a good best-practice. Enabling automatic updates to ensure your device has the latest software or firmware is one of the easiest ways to secure devices. As IoT infrastructure continues to develop, I hope to see more automation capabilities put into place, even to the point of having automatic security detection and mitigation capabilities built directly into the product.
Secure devices. The explosion of IoT devices has also led to a wild west scenario when it comes to security capabilities. Some devices include critical offerings, such as password protection or the aforementioned automatic firmware updates, to help consumers keep themselves secure – while others don’t. Ensuring devices are as secure as possible when leaving the factory is an important first step in any security strategy. Once you have a device in your hands, it’s your responsibility to follow some best practices, such as changing the default password on the device to ensure it’s strong, or putting the device on a separate network to minimize additional traffic that could compromise it. There is not a 100% foolproof way to secure a device, but implementing these simple measures could help greatly.
Secure the network. The best option for protecting IoT devices is actually to secure the entire network, not just the individual devices. Effective security management means making sure you have a consistent approach that incorporates visibility, policy management and reporting across all of your network environments. By injecting protection at every level of the network, you can stop harmful traffic before it spreads throughout the network and potentially infects other devices. It’s all about threat mitigation and detection at every point of the network, down to the switch level, to keep attackers out and the data in.
Addressing these three major aspects of IoT security will go a long way towards solving the legacy problems that come with the proliferation of connected devices. As an industry, we need to ensure that we are building security into the core of these devices and treating the protection of data as the number one criteria in their development. Adding automated protection at both the device and network level will greatly help minimize damage caused by attackers targeting IoT devices and ensure users get both the convenience and security they deserve.