The Internet of things is one of the fastest advancing technologies with more devices hitting the commercial, consumer, and industrial markets. Smart appliances, smart TVs, light switches, security systems, and medical devices are among the many types of Internet-connected devices on the rise.
IoT has opened up opportunities for companies to improve the visibility of their products and operations by collecting data from sensors implanted on a varying range of infrastructure within the company. While enterprises continue to embed sensors and wireless communication in their enterprise control system, each implementation arouses the curiosity of cybercriminals who are actively seeking to compromise data by implanting malware to disrupt operations and steal vital company information.
With the number of IoT devices set to increase from the current 30.1 billion devices to 41 billion by 2025, the cost of operating IoT devices will also increase due to information security budgets aimed at protecting IoT infrastructure. With governments already getting involved with the Internet of Things Security Laws, businesses can take precaution by adopting the best cybersecurity practices for early detection and prevention of cyberattacks.
While deploying IoT devices, organizations are also burdened with digital transformational projects that could create avenues for cybercriminals. To identify and mitigate potential risks, businesses should align these processes across all the major stakeholders in the organization, including having a centralized team responsible for securing IoT devices and ensuring ongoing compliance with risk management policies.
Aligning these operations requires evaluation of maturity based on in-house skills and practices of the IT and OT departments, then conduct security awareness training to harmonize each group’s unfamiliarity with the other’s operations. Furthermore, combining training with the implementation of established industry best practices, including the ISO 27001 standard and ISA/IEC 62443 standards by both teams, will play a fundamental role in protecting IoT infrastructure from potential attacks.
Interconnectivity to third-party software, hardware, and services poses potential cyberattack risks to your IoT infrastructure. You should be wary of how connected devices interact with third parties to reduce the risk of attacks from their end. Demand business partners accessing your devices and networks have strong security measures in place and that they demonstrate compliance with your security procedures. Contracts with these parties should address security measures, including software updates, before they access your devices and networks.
One of the key priorities for businesses should be to map all the connected devices and sensors used by the company, business partners, contractors, and customers to identify those that pose the highest security risks. Critical IoT devices will include those distributed across enterprise networks and isolated networks within the company or different geographic locations. Where possible, deploy technology to automate the discovery and registration of new devices within the IoT network system.
By locating assets, companies may discover assets that they were not aware existed and pose a potentially high risk to the company resources in the event of a cyberattack. Although there is a need to protect all the assets, it is important to secure critical assets first. Once all the devices are located, assess their vulnerability and execute patches on them. Request third parties to do the same with their devices.
Vendors of IoT devices will always claim that their products are secure, as there is no foolproof method to prove. There is a growing awareness for the need for a standard and authoritative certification process that vendors and consumers can use to verify the security of a device. Currently, Underwriters Lab and CTIA Authorized Testing Laboratory (CATL) for cybersecurity offer IoT Certification that ensures the safety and interoperability of interconnected wireless devices.
Checking for UL certification when purchasing and installing IoT infrastructure can help in protecting your devices and networks from common attacks. Furthermore, there are other emerging standards, including Fairhair Alliance, which is seeking to have open standards for IoT in commercial buildings.
Artificial intelligence for IT operations (AIOps) has grown from just an emerging trend to a key requirement for businesses. Artificial intelligence and machine-learning platforms are best suited to establishing anomalies and subtle deviations with security policies in the organization. Some socially engineered attacks, including those embedded in software codes are difficult to detect without the use of technology, hence the need to deploy AIOps as a tandem approach to identifying and detecting attacks on IoT devices.
The risk of compromise to connected devices is too great to ignore. Often, by the time you realize there has been an attack on IoT devices, cybercriminals have already gained access to sensitive company information, which can be compromised. No single method is foolproof of cyber-attacks; hence, businesses should adopt a proactive secure-by-design strategy while strategically working to monitor and patch outdated software, equipment, and infrastructure.