The Internet of Things has incredible potential. Unfortunately, it’s also a cybersecurity disaster waiting to happen. Lax vendor practices, a fast-growing threat surface, and a lack of understanding have created the perfect storm for massive DDoS attacks, compromised networks, and more.
And as with mobility before it, businesses ignore these threats at their own peril.
But being aware that IoT represents a risk for your business is not enough. You also need to understand that securing connected endpoints requires a different mindset, a different approach, and different tools from the rest of your infrastructure. Prepare yourself through the following steps.
Change Your Corporate Mindset
Traditionally, we understand that employees are our weakest cybersecurity link. And while this may still hold true, awareness and security training are insufficient in the era of IoT. Your business needs to reconsider how it approaches cybersecurity: it remains an organization-wide mandate, but one that now also requires new methods such as machine learning.
“It is time to relieve your people of the cybersecurity burden,” writes Harvard Business Review’s Yevgeny Dibrov. “It may be prudent, and required, for you to continue with awareness programs, but you will have to rely on more intelligent technologies and automation if you hope to have any chance at success. Removing the human risk means repositioning the way you think of the relationship between employees, connected devices, and overall corporate cyber defenses.”
Understand Your Endpoints
Eventually, the onus for security will be on manufacturers and vendors. Until that day, securing IoT endpoints is your responsibility. You cannot trust that the businesses responsible for producing IoT devices will take the necessary precautions to protect your data.
They are largely interested in the consumer market. Data security and corporate clients are a secondary consideration. To address this, you must:
- Change the default username and password on every connected device, even something as mundane as a coffee maker.
- Always keep your software up to date.
- Know how often a device is updated, and what a vendor does to protect their devices. Try to exclusively work with vendors that understand the importance of security.
- Automatic updates. Use them.
- Implement an endpoint management solution that allows you visibility into and control over IoT devices.
Consider Network Segmentation
For devices such as coffee makers or fridges – endpoints which do not need to directly interface with corporate data – it may be worthwhile to set up a separate “guest network.” The more devices you can isolate from your core infrastructure, the smaller your threat surface. You may even go so far as to prevent devices from communicating with one another within that guest network, though this may be taking it too far and could impede some device functionality.
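The endpoint checklist and the segmentation advice above can be turned into a repeatable audit. The following is an added example, not code from the original article: the subnets, the 180-day update threshold, and the inventory fields are assumptions standing in for whatever your endpoint management solution exports.

```python
import ipaddress
from datetime import date

# Assumed network layout (hypothetical): core infrastructure vs. isolated IoT segment.
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/16")
IOT_GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
MAX_UPDATE_AGE_DAYS = 180  # assumed policy threshold, not from the article

# Constructed sample inventory, shaped like an endpoint management export.
INVENTORY = [
    {"name": "coffee-maker-3f", "ip": "10.0.4.21", "needs_corporate_data": False,
     "default_credentials": True, "auto_update": False, "last_update": "2023-01-10"},
    {"name": "fridge-kitchen", "ip": "192.168.50.12", "needs_corporate_data": False,
     "default_credentials": False, "auto_update": True, "last_update": "2024-05-02"},
    {"name": "badge-reader-1", "ip": "10.0.9.5", "needs_corporate_data": True,
     "default_credentials": False, "auto_update": False, "last_update": "2024-04-20"},
]

def audit_device(dev, today):
    """Return the list of findings for one device record."""
    findings = []
    addr = ipaddress.ip_address(dev["ip"])
    if dev["default_credentials"]:
        findings.append("default username/password still set")
    if not dev["auto_update"]:
        findings.append("automatic updates disabled")
    age = (today - date.fromisoformat(dev["last_update"])).days
    if age > MAX_UPDATE_AGE_DAYS:
        findings.append(f"no update in {age} days")
    # Segmentation: devices that never touch corporate data belong off the core network.
    if not dev["needs_corporate_data"] and addr in CORPORATE_NET:
        findings.append("on corporate network but does not need corporate data")
    if addr not in CORPORATE_NET and addr not in IOT_GUEST_NET:
        findings.append("address outside any known segment")
    return findings

def audit_inventory(inventory, today):
    """Map device name -> findings, omitting devices with none."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev, today)
        if findings:
            report[dev["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 6, 1)).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run on a schedule against a fresh export, the report shows which devices have drifted from the checklist and which should be moved to the guest network.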
A Brave, Terrifying New Frontier
The Internet of Things is a cybersecurity nightmare – and that is unlikely to change anytime soon. You must remain vigilant and proactive if you are to protect your business’s data from the threats the connected world represents. Because eventually, you will become part of that world, whether you want to or not.