The now-ubiquitous Internet of Things (IoT) consists of devices like surveillance cameras, thermostats, baby monitors, medical equipment, home appliances and thousands of other items that can communicate with each other over the Internet.
In the first blog of this two-part series, we defined the anatomy of an IoT attack and provided examples of IoT attacks. In this second blog, we provide advice on how to mitigate an IoT cyber threat.
Mitigating the IoT Cyber Threat
Once a device is connected to the internet, its password can be changed, security updates can be applied, and it can be monitored. It would help to incorporate higher levels of security into any device that will be connected to the web, along with better technology to manage the vulnerabilities of IoT devices. Auto-updates could become a standard security measure for new products.
While many companies claim to be addressing these threats, IoT security requires a comprehensive approach, spanning people, policies, and technological solutions such as data encryption.
Encryption of data at rest and in transit has become easier to implement in recent years and is key to protecting sensitive data generated by IoT devices. However, many security professionals struggle to overcome encryption challenges such as classification and key management. A multi-layered cybersecurity strategy based on advanced encryption technology is imperative for enterprises and industrial companies operating across the IoT to protect the vast amounts of device data in motion and at rest.
IT teams must learn to leverage innovative technologies to create effective security strategies. It is critical to control and secure access while breaking down the myriad threat vectors that data is exposed to when it traverses heterogeneous, software-defined, virtualized networks or is stored in the public and private cloud.
A recent Forrester survey found that, of firms that experienced at least one breach from an external threat actor, 37% reported that stolen credentials were used as a means of attack. Password-based, legacy authentication methods are insecure and generate a heavy administrative burden. In addition, Forrester noted that while machine learning and AI do have roles to play in security, they are not a silver bullet. Security professionals should focus instead on finding vendors that can solve the specific IoT threat profile for the business and that have referenceable customers.