Cybersecurity Risks in the Internet of Things (and How to Solve Them)

SYSTEMS & TECHNOLOGY   |   3 minutes  |   February 11, 2019

IoT BannerIoT Banner
The digital age has entirely reshaped how we create, enjoy, and share information around the world. If you find yourself needing to know almost anything, the answer is at your fingertips… but this has caused some new security concerns to arise too.

The most obvious security concern on top of everyone’s mind is: bad passwords. Despite our awareness of using easy-to-hack passwords, the second most used password in 2018 was shockingly “password”,1 a fact made more frightening when you find out that over 3.3 billion records were stolen in the first half of 2018 (making clear just how vulnerable we all are).2 But it goes far deeper than that when you start investigating it. This is the trouble with the freedom of information and connection that the Internet of Things (IoT) has brought, because the IoT is reshaping the cybersecurity landscape.3

What is the Internet of Things?

IoT IconsIoT Icons
To understand what security threats you might be open to, first it’s important to understand exactly what the Internet of Things (IoT) is. The answer? Put simply, it’s everything you own that’s connected to the Internet.

Matthew Evans, the IoT programme head at techUK, explains that “the Internet of Things is made up of devices – from simple sensors to smartphones and wearables – connected together.”4 Evans means that the IoT is a network of devices and technology that are connected to each other through the Internet, able to communicate with one another and pass information between each other. As technology evolves, the IoT grows and becomes larger, its network expanding to increase more devices and more people’s information, and so opening itself up constantly to new types of security threats.5

That is why IoT security is so important, and becoming increasingly more so as the world tends towards more reliance on digital technology. Much like cybersecurity, IoT security is comprised of systems and tools that you can use to protect yourself against attacks or hacks into your IoT network. Instead of being an entirely different sector of security, IoT security is what you might call a “department” of cybersecurity, as it deals only with the safeguarding of connected private or public networks.

Security concerns in the Internet of Things

Business leaders might find themselves wondering how to secure their existing IoT systems, or how to implement new IoT systems safely. The best protection when in this situation is to gain awareness of the common security threats that you might find when managing or setting up an IoT system, and how to work through or around them.

4 common security concerns in the Internet of Things:

 
1.Transport layer weakness: This is when the applications that manage your data don’t take any measure to protect it, or even poor measures. Unfortunately, this leaves your data unencrypted and open to a hack (quite literally, the layers of protection surrounding your data whilst in transport through the network are weak).6 To help avoid this being the case in your IoT network, you will need to keep your security certificates up to date, keep your protocols up to date, and employ encryption technology to encrypt the data that you want kept within a private network only. Some examples of encryption technologies that could be used are Cisco, HPE, or Symantec.

2. Vulnerability to account compromise: This is a broad term meaning that a system has poor account authentication or registration present. If your system doesn’t have strong passwords or account lockouts in place for users, you leave it open to brute force attack. You can automate a lot of these solutions for yourself by making use of an authentication technology like Covisint, Gemalto or Baimos Technologies.

3. Shared and default secrets: Everyone does it, but it’s not a good idea for all your devices and different accounts to share the same login names and passwords. It does make it easy for you to remember them, but it also makes it easy to hack your entire IoT network.9 Keep login information varied and as random as possible to avoid vulnerability in this area.

4. Device specific concerns: There are always security concerns that are specific to the kind of devices or technology that you’re using in your IoT network.10 It’s always a good idea to research the companies, brands, models, and software that you’re using to understand where you might be vulnerable. Some of these device-specific concerns include debug services enabled (an enabled debug service interface creates “a rich attack surface to dump firmware, steal secrets, and otherwise compromise devices provided they have physical access”), missing patches (many systems do not automatically update, which means that often a security system can be so out of date that it is easily attacked), and insecure updates (many system attackers gain access by injecting damaging code into unverified updates that users unknowingly install – always make sure your system asks to verify updates before installing them).11 Vigorous research into your IoT network devices and software, and making sure everything is always up to date, is how you can make sure to avoid these issues.12

Burying your head in the sand certainly won’t solve any problems, because the Internet of Things is only growing. The world is asking it to grow. As everyone constantly seeks more data to allow for more opportunities, this also continually opens up their systems to more risk.13 In today’s digital business era, IoT cybersecurity is as important as your physical security, but, thankfully, with the freedom of information comes solutions in how to handle cybersecurity threats. The final answer is to stay on your toes, and keep learning.

  • 1 Rense, S. (Dec, 2018). ‘The top 25 passwords in 2018 are an embarrassment to humankind’. Retrieved from Esquire.
  • 2 (Oct, 2018). ‘Data Breaches Compromised 4.5 Billion Records in First Half of 2018’. Retrieved from Gemalto.
  • 3 Blech, R. J. (May, 2018). ‘How IoT is reshaping the cybersecurity landscape’. Retrieved from IoT Agenda.
  • 4 Burgess, M. (Feb, 2018). ‘What is the Internet of Things?’. Retrieved from WIRED.
  • 5 Burgess, M. (Feb, 2018). ‘What is the Internet of Things?’. Retrieved from WIRED.
  • 6 (Nd). ‘Insufficient Transport Layer Protection’. Retrieved from Veracode.
  • 7 (Nd). ‘The 8 Biggest IoT Security Mistakes and How to Avoid Them’. Retrieved from Praetorian.
  • 8 (Nd). ‘The 8 Biggest IoT Security Mistakes and How to Avoid Them’. Retrieved from Praetorian.
  • 9 Gerber, A. (Nov, 2017). ‘Top 10 IoT security challenges’. Retreieved from IBM Developer.
  • 10 Reif, A. (Jul,2017). ‘PKI vs shared secret as authentication mechanism in IoT’. Retrieved from Medium.
  • 11 (Nd). ‘The 8 Biggest IoT Security Mistakes and How to Avoid Them’. Retrieved from Praetorian.
  • 12 Gerber, A. (Nov, 2017). ‘Top 10 IoT security challenges’. Retreieved from IBM Developer.
  • 13 (Nd). ‘Cyber risk in an Internet of Things world’. Retrieved from Deloitte.