Closed-circuit security cameras, smart phones, wireless printers, IP-connected energy meters, video conferencing systems. These are the type of “things” that make up the Enterprise Internet of Things (EIoT). Although the EIoT holds different weight among different companies, with IoT devices being always-on, always-connected, the risk is high for attacks.
The one constant across all businesses? The lack of a singular, straightforward solution for protecting their security infrastructures.
In order to successfully defend against EIoT security threats, you must first know what they are, then continuously monitor for them.
What to be on the lookout for
To some extent, these threats depend on the inherent weaknesses of IoT devices, but core vulnerabilities relating to the EIoT include:
- Expanded attack surface. More physical devices are being added to the internet daily, which further opens up entry points for attackers to explore. The proliferation and ubiquity of these devices in the enterprise offers would-be attackers more chances to eventually access a company’s broader security architecture.
- Data privacy and protection. Many applications collect confidential or proprietary data, of which its transmission, storage, and retrieval needs to be secure for both business and regulatory reasons. If internet-connected devices or interfaces do not require authentication prior to granting access, they’re that much easier to exploit. As a result, sensitive or even embarrassing information can be leaked.
- Botnet recruitment. If an IoT device is poorly safeguarded, it is susceptible to botnet recruitment. This impairs performance and can ultimately harm reputation in the long-term.
- Attacks on IoT-enabled processes. People wanting to disrupt a given business’s activities have more devices, applications, and frameworks to target. For example, via denial-of-service (DoS) attacks or by compromising and/or disabling individual devices. Compared to other types of hacks, DoS attacks can deplete a company’s most valuable resources: time and money.
Plan to fail, but with proper preparation
Developing EIoT applications with security top of mind, making existing IT security function more efficiently, and advancing a few novel ideas can all help shield EIoT deployments from security breaches.
But let’s be realistic: a security breach is not a matter of “if,” but “when.” Companies, and IT teams especially, must be skilled in containing the damage and helping the system to quickly recover. Adopting some new ideas can protect firms from EIoT threats.
IEEE offers three ways to prepare: The IEEE Guide to Internet of Things, Cyber Security Tools for Today’s Environment, and Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks. These learning programs ensure an organization’s technical staff is up-to-speed on the latest developments in IoT, so they can be securely integrated into operations.
Kerner, S. (28 Dec 2017). Security Flaws Found in Sonos Internet Connected Speakers. eWeek.
Paul, F. (27 Dec 2017). Can IoT help make the enterprise more secure? Network World.