One thing many of us forget is that every connected device hitting the market comes with a multitude of fresh vulnerabilities and attack points for hackers. This is not just worrisome — it’s downright scary, and no matter how excited you are for the future, there’s no denying the potential dangers new technologies introduce.
It’s not a safe bet to leave protection in the hands of the brands, services and systems you regularly use. Security should be a major concern for everyone, because your digital identity, data and personal information is constantly under attack. Just take a look at the breach on Equifax, a major credit-reporting bureau responsible for the financial details of millions.
If you think IoT and connected devices are an exception, you’re mistaken. Hackers will use whatever channels, whenever they can, to abscond with sensitive information.
More alarming, however, is the fact that in the age of IoT, it’s about more than just sensitive data — it’s about control. If someone unscrupulous can gain access to any one of your IoT or connected devices, then theoretically, they can also access the rest.
Imagine a smart home — or worse, a smart vehicle — infected with a virus meant to hold you hostage. Door locks, lightbulbs, TVs, audio equipment and even appliances can be leveraged to wreak havoc on you or anyone in your home should they ever be compromised.
Ransomware is an incredibly popular form of malicious attack that takes total control of a system or device and demands payment to regain access. Often, the attack source never restores system access even after receiving payment.
So how do we protect ourselves? More importantly, what can an IT professional do to combat potential breaches and attacks in the current climate? Here are a few tips to make crime more difficult for IoT hackers:
Don’t Overlook Physical Tampering
In design, prototyping and even maintenance, it’s easy to forget about the physical aspect of products and devices. Security professionals spend a lot of time bolstering the digital content and experience, often overlooking the physical components and hardware. Attackers, especially resourceful ones, can easily tamper with a device by opening it.
The way device internals are designed can help or hinder security, too. Using a BGA or Ball Grid Array, for example, can help security because they often require extra PCB layers for testing and operation. IoT devices are especially susceptible to this. The creation and development of said products is often outsourced, and during the process, physical security is forgotten or bypassed.
But it’s not just about the innards — authorized ports can be an issue or source of a breach, as well. USB ports, SD card and external storage ports, ethernet connections and more can all be leveraged to deploy an internal attack.
Properly locking down these channels is as instrumental to protecting IoT hardware and equipment as the digital protections you employ.
Add Additional Layers of Protection
During design and development — or even later in a product’s lifecycle — you’ll be focused on cybersecurity and digital protections. Most protective measures are preventative in nature, meant to fend off an attack or slow down hackers if they don’t outright prevent access.
But what happens when an attack is inevitable? How can you protect sensitive data and information and the flow of digital content after a breach has happened?
This issue highlights the need to come up with additional, tiered-levels of protection. Storage and data encryption is a great example of an additional security layer. Even with the data in hand, hackers still have to decrypt the information to make any use of it.
You can also use program protocols designed to lock down or completely shut down systems in the event of a breach. This would prevent further access and damage, at least until the situation can be properly assessed. It would also sever the transfer of data steadily flowing outside the system or network in question.
Eliminate Backdoor Entry Points
As useful and beneficial as they may be at times, backdoor entry points to systems and IoT devices are incredibly dangerous. Obviously, we’re referring to administrative backdoor entry points — not those created by trojans or malicious tools.
If you absolutely must have them — as is the case with systems like routers and network hubs — then always ensure administrative passwords are unique and strong. You’d be surprised how many routers are vulnerable simply because a master-level account exists with the username set as “admin” and the password set as “password.”
At the very least, require your users or new accounts to update and set a new authentication method before providing access to the necessary systems.
An obstacle for most IT teams is the collaboration and coordination across departments. Every cybersecurity team should have cross-functional teams filling a variety of roles and working alongside one another. That means a team should consist of business or unit managers, C-suite executives and decision makers, IT and security professionals, and even maintenance and development professionals with a background in security.
Follow Cybersecurity Standards and Best Practices
Last but not least, it’s important that you set a solid foundation of cybersecurity standards and best practices across your organization and teams — and stick with them. What you choose to follow should always coincide with the current cybersecurity guidelines and standards. This helps to ensure that your systems are protected on many levels, both from outside parties and the legal ramifications of a major breach or attack.
Latest posts by Nathan Sykes (see all)
- The Reality of IT Outsourcing in 2018 - May 1, 2018
- 6 Things You Need to Know About Starting an SaaS Company - April 26, 2018
- 5G and Cybersecurity: What We Can Really Expect - April 3, 2018