Recently, while hitching a ride home with a friend, a bell rang through the car speakers, which turned out to be a notification that we were arriving at a frequently visited destination. It surprised and impressed me. I couldn’t help but think about all the recent and significant breakthroughs of technology integration within the auto industry – if Henry Ford could only see how far we’ve advanced his vision for automobile manufacturing…
Much excitement has been generated about the concept of the Internet of Things (IoT) for home and the workplace. What’s not to like about one’s ability to interconnect with devices, systems and software, in an effort to improve efficiency and drive down costs for our organizations? But as a cybersecurity professional, I also know that we must not forget to make security current, adaptable, relevant, and the cornerstone of our enterprise. Increasingly, widespread deployment of the IoT will place new demands on communication infrastructures and services, and may not account for baked-in vulnerabilities and poor security practices by IoT developers and manufacturers.
This is Week three of National Cyber Security Awareness Month (NCSAM) 2017 – Today’s Predictions for Tomorrow’s Internet. As a NCSAM Champion, we at Secure Halo offer steps for sound spectrum policies essential to support IoT’s future growth and enable businesses to innovate.
Opportunity and Risks of IoT
Today, our organizations are comprised of Internet-enabled devices that include: computers, security cameras, alarms, printers, elevators, safes, thermostats, auto-controlled printers, and fuel monitoring systems. New technologies, like motion-detecting lights, drones, and even self-guided robots that simulate an in-person meeting with the boss, are being introduced each day. All of these devices collect large amounts of data about your organization, an enticing trove of information for cyber criminals.
Multiple federal agencies, including the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the National Institute of Standards and Technology (NIST), have issued warnings about security risks posed by IoT. As the FBI said, “once cyber criminals find a way into your home or business through cyberspace, they can move laterally and compromise your network devices, including routers, laptops, phones, tablets, and hard drives to steal your personally identifiable information, identify bank account logins and credit card numbers, send malicious and spam e-mails, abscond with proprietary business information, interfere with business transactions, engage in digital eavesdropping, etc.”
Consider your organization’s BYOD policy, and how critical intellectual property is exposed to personal devices that are likely being secured by the same passwords that are used for multiple platforms within your organization. Securing the enterprise, especially in an IoT world, is a foundational principle that goes far beyond just maintaining a competitive advantage in the ever-evolving world of business. At Secure Halo, we highly recommend that organizational leaders embrace and apply security at the highest levels, so that security becomes integrated into the core of the organization’s culture.
The following practices are proven concepts that can assist your organization:
Leaders
Talk about security – Communicate security and risk issues, utilizing all forms of messaging within your organizations. Discuss and share your knowledge on recent, significant and sophisticated breaches, and solicit feedback and input from your employees. Encourage incident response teams to engage the organization by informing it of trends, after-action analysis, etc.
Clearly identify responsibilities – Everyone is responsible for security; therefore, emphasize the procedures that are in place for reporting incidents. Identify personnel who are meant to assist in the event of an incident.
Enforce strong policies – Constantly update security policies that embody the latest industry standards and practices. In addition to this, seek new methods to help secure the enterprise through internal employee feedback. Global, voluntary standards developed by standard-setting bodies or industry consortia are essential to the interoperability and growth of the IoT ecosystem.
Devices
Consolidate whenever feasible – Assess your organization and determine which devices are used most, and phase out those no longer serving much purpose but which can still leave you exposed to vulnerabilities due to negligence and a lack of usage.
Standardize vetting – Ensure that your IT departments are aware of new internal and external devices that are connecting to your network. Review them in a test environment before rolling out to the entire company.
Guidance
Seek out information – Information sharing and analysis centers (ISACs) are a central resource for information on cyber threats. Also, federal agencies have published specific guidance for IoT developers, manufacturers, and consumers. Check them out to harden your organization’s security.
DHS Strategic Principles for Securing the Internet of Things
NIST Special Publication 800-160
FBI Internet of Things Poses Opportunities for Cyber Crime
NCSAM Inside Your Connected Home: Protect Your Always-On Family