10 IoT Security Best Practices For IT Pros

...

IT professionals have to treat internet of things (IoT) vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention, for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network. When everything is connected, security is only as strong as the weakest node on the network.

The Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, issued a warning in September 2015 about the risks posed by internet of things (IoT) devices.

"As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors," the IC3 alert said. "The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats."

From a statistical standpoint, the warning may seem premature, because IoT devices haven't been implicated in major breaches. As Verizon noted in its 2016 Data Breach Investigations Report (DBIR):

For those looking for proclamations about this being the year that mobile attacks bring us to our knees or that the Internet of Things (IoT) is coming to kill us all, you will be disappointed. We still do not have significant real-world data on these technologies as the vector of attack on organizations.

We do have real-world proofs-of-concept. Cyber-security researchers Charlie Miller and Chris Valasek last year remotely hacked a moving Jeep Cherokee and sent it into ditch. The pair have more recently demonstrated hijacking a moving Jeep is still possible, though this time they were inside the vehicle.

Also last year, security researcher Maxim Rupp identified two vulnerabilities in Honeywell's Midas gas detector, a device used in semiconductor processing and industrial manufacturing. Researchers have identified many other holes in IoT security.

The potential impact of these flaws may prompt fears. The idea that a hacker might cause you to crash your car is frightening. There's not much money in pursuing that sort of exploitation, and hackers tend to be motivated by the desire for financial gain. According to Verizon's 2016 DBIR, 89% of breaches had a financial or espionage motive.

Yet, those working in information technology have to treat IoT vulnerabilities as they would vulnerabilities in databases or web applications. Any flaw can bring unwelcome attention for those making affected products and those using them. Any flaw may prove useful to compromise other systems on the network.

When everything is connected, security is only as strong as the weakest node on the network. A compromised home router, for example, could betray credentials necessary to penetrate workplace systems.

Pen Test Partners, a company offering penetration testing and security services, offers best practices for IoT device-makers, app developers, and IoT supply chain partners to consider. So do Microsoft and the Federal Trade Commission. whiteCryption has some recommendations too.

Anyone dealing with IoT software or hardware would also do well to review the OWASP Top 10 IoT Vulnerabilities.

What follow are 10 tips IT professionals should consider when designing and implementing internet-connected devices.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    High-Res Imagery of LG's New Watch Style Arrives

    Over the weekend, high-res imagery of the new LG Watch Style found its way onto Twitter, thanks to Evan Blass.Supposedly, this is the smaller of the two new LG watches said to arrive within the next couple of weeks, a watch that we have seen before only in low-res form.
  • 5300c769af79e

    Believe it or not, Dish Network wants to fix your broken iPhone

    For starters, Dish can repair the iPhone 5, 5C, 5S, 6, and 6 Plus.Related: The iPhone 6 case that amplifies your music We are also expecting that popular Android phones will be added soon based on how the website is set up.
  • 5300c769af79e

    12 Ways To Cultivate A Data-Savvy Workforce

    If your company's hiring and retention standards aren't keeping up with the times, you may be losing valuable job candidates and employees.To minimize the pitfalls of building a data-savvy workforce, consider these tips.
  • 5300c769af79e

    Comcast Boosts Monthly Data Cap to 1TB

    "We have learned that our customers want the peace of mind to stream, surf, game, download, or do whatever they want online," he continued.More than 99 percent of Comcast users "do not come close," to 1TB, according to Jenckes, who said typical customers require only about 60GB.