By BizTech on 19 December 2016
IoT Security, information security, threat prevention
Recent breaches have shown the vulnerability of the Internet of Things, but IT departments can defend against hackers with a multifaceted approach to security.
While driving a Jeep Cherokee through downtown St. Louis in July 2015, Andy Greenberg felt a sudden blast of air from the vents. The radio mysteriously changed stations, music began blaring and the windshield wipers started. The situation went from perplexing to frightening when Greenberg stepped on the gas pedal but couldn’t accelerate as he watched an 18-wheeler approach in his rearview mirror.
Fortunately, the experience was a test in which Greenberg had agreed to participate. Once the white hat hackers, Charlie Miller and Chris Valasek, illustrated their point — that they could hijack the vehicle’s wireless entertainment system and dashboard functions — they relinquished control of the system and let Greenberg take over.
The car-hacking test revealed a flaw not only in Jeep’s wireless systems but in the growing arsenal of IP-enabled products. People used to worry about malware on their computers, but in the age of the Internet of Things (IoT), home alarm systems, traffic lights, baby monitors, pacemakers — just about any “thing” — are susceptible to vulnerabilities.
Cyberattackers illustrated this point repeatedly in recent years, breaking into public utilities, sewage systems, even baby monitors. Adding so many new systems to networks puts additional pressure on IT departments that are already struggling to keep their systems secure. As more organizations adopt IoT solutions, they need to ensure they’re not creating new ways for cyberattackers to get in.
Due to the bullish projections for IoT’s growth, organizations are racing to stake their claims. Ninety percent of semiconductor manufacturers are developing new chips and sensors for IoT applications, according to a study by Morgan Stanley. And while some products are designed with security in mind, not all are created equal.
Deploying the Right Defences
To guard against the increased threats introduced to its IoT deployments, an organization needs a multilayered, scalable security strategy that starts at the gateway and encompasses elements including legacy systems, sensors and cloud-based solutions.
Firewalls: Whether an appliance or a software solution, a firewall is an important component of any security strategy. New firewall products are designed to accommodate the vast array and volume of devices unique to IoT.
Encryption: In order to protect data while it’s at rest on devices and in transit over a network, organizations can use an algorithm to scramble data, rendering it unusable by anyone other than a user with a decryption key.
Authorization: As more IT and OT devices connect to the network, it’s important to manage who has access to equipment and locations. With authorization tools such as Cisco Identity Services Engine, organizations can create policies that automate access management throughout an organization.
Network segmentation: IoT connects multitudes of IT and OT systems. So if a threat were to breach an organization’s network, any connected systems could be at risk. One way to guard against such a catastrophic situation is to segment the network. This way, if there is a breach, only the devices in that segment would be compromised.
(2016). 4 Components of an Effective IoT Security Strategy. BizTech. Recovered on 8 January 2017, from http://www.biztechmagazine.com/article/2016/12/4-components-effective-iot-security-strategy