Internet of Things (IoT) technology makes daily tasks easier. From smart home devices to entire smart cities, these interconnected devices are changing the way we interact, do business, and live our lives. But with any new technology implementation, there are risks involved, and this especially rings true for IoT. Because the demand for IoT devices is projected to rapidly increase — Gartner predicts that the number of IoT devices in use will reach 20.4 billion by 2020 — organizations must be proactive in mitigating the threats to IoT technology. So, how can they do that? Here are four ways to minimize risk in IoT devices.
4 Ways to Minimize Risk in IoT Devices
1. Take Inventory
The first step in reducing the risks associated with using IoT devices is taking inventory. What IoT devices are currently connected to your network? How are they being managed? How are you updated when a new IoT device is added to your environment? What BYOD policies do you have in place? To limit the attack surface, knowing what you have is crucial. This means knowing what devices, both hardware and software, your organization has deployed as well as the IoT devices your employees bring into your environment.
2. Design for Security
Organizations are quickly developing and adopting their own IoT technologies, and with that, vulnerabilities are bound to slip through the cracks. But rushed development and/or implementation can have detrimental results. When adopting or deploying IoT technology, organizations must be sure to carefully design for security. Developers must be proactive and lay a foundation for security before the device falls victim to potential attacks like malware, ransomware, or DDoS. For example, during the development stage, developers need to consider what type of data must be collected and how it will be secured. For IoT devices that transmit sensitive data like protected health information or payment card data, organizations should consider using various encryption methods, like firewalls or SSL. In recent cases, healthcare devices are amongst the most vulnerable IoT devices for malicious attacks, like the Medtronic CareLink 2090 — a device designed to monitor pacemaker settings — and the Medtronic MiniMed 508 — a device used to monitor insulin. Because these devices had poor authentication and encryption features, the software became vulnerable to malware infections and malicious use, putting patient lives at risk.
3. Perform Risk Assessments
Whether your organization offers IoT technology as a product or service or uses it to conduct business, performing a risk assessment is essential for mitigating any and all potential vulnerabilities. Even if the IoT device has been developed with security in mind, there could still be unidentified vulnerabilities that could be exploited by a malicious hacker. Not to mention, there are likely IoT devices in use by your organization that you might not consider a traditional attack vector, and those devices are equally as important to assess. For example, an American casino experienced a data breach via their aquarium because a malicious hacker compromised their IoT temperature sensor, gained access to their network, and stole data about high-paying customers. By performing a risk assessment, organizations will be able to identify and mitigate potential weaknesses, no matter where or how seemingly non-threatening they may be, in their IoT technology and will be more prepared to avoid possible security incidents.
4. Undergo Penetration Testing
Before deploying any IoT technology, organizations would be wise to undergo IoT penetration testing. Why? Because even with the most experienced development and internal audit teams, some vulnerabilities may remain undiscovered. By receiving third-party assurance via penetration testing of the IoT devices your organization is using, you can ensure that your organization’s data and reputation remains secure.
Securing Your IoT Devices: Invest Now or Pay the Price Later
According to Symantec, “IoT devices experience an average of 5,200 attacks per month” and were an emerging attack vector throughout 2018. Considering this, as threats against IoT devices continue to rise and organizations continue to quickly adopt IoT technology, mitigating the risks associated with using such devices needs to be taken more seriously. By using these four steps to minimize risk in IoT devices, your organization can help secure your data, protect your reputation, and gain peace of mind that the IoT devices in use are as secure as possible. It’s not worth rushing the development or implementation of an IoT device that could lead to a breach later. Invest in security from the start, so you can prevent potential costly data breaches in the future.
Want to learn more about how you can minimize risk in IoT devices? Contact us today to find out how KirkpatrickPrice can help you ensure the security, availability, and confidentiality of the IoT devices your organization uses through penetration testing.