Much of the national conversation about the internet of things has centered around connected consumer devices such as watches, cars and thermostats. Businesses don’t think about the cybersecurity settings of their photocopiers, yet 2016’s Mirai malware used hundreds of thousands of IoT devices to create a botnet that took down popular proxy server Dyn, and with it, nearly one third of websites globally.
In security terms, this is just the tip of the IoT iceberg.
The rapid and wide-scale adoption of connected sensors and IoT devices in manufacturing, healthcare, transportation and utility settings means that a broad swath of the global economy’s critical infrastructure is increasingly vulnerable to these attacks.
Small businesses in particular are confused about these shifts and uncertain as to the extent they are affected by IoT security issues. As a result, many are holding off on implementing connected technologies. Forrester predicts that security concerns will choke the growth of IoT adoption in 2017.
Yet despite this confusion, IoT isn’t going away, and has the potential to deliver significant business benefits to your customers. Helping them choose, design and deploy a secure IoT solution lets them gain valuable new business insights and efficiencies while protecting their data and infrastructure assets.
Security comes standard
It’s imperative to design security into an offering from the ground up. While it is (relatively) easy to design and ship an IP camera, for example, the ease at which one can be hacked from factory settings makes installing one an unacceptable risk factor to the network — and your customer’s business.
Regulators are becoming more aware of IoT security-related issues. In January, the Federal Trade Commission (FTC) filed a complaint against router giant D-Link, charging that the company had deceived users on the security of its products and failed to take steps to secure those products appropriately. This case has become a bellwether because the complaint was brought in response to the vulnerabilities themselves, not because of a breach exploiting those vulnerabilities. This is a sign that regulators are taking a more aggressive stance in demanding that connected device manufacturers take clear and sufficient steps in securing their products.
Tips for success
Here are some initial ways you can show your customers you mean business in IoT security.
- Hire and train the right talent: IoT can be a confusing buzzword. A job ad asking for an IoT professional may attract 10 people with 10 different backgrounds. Think instead about what your company does with connected devices and the specific skills it needs to design, manage and deploy those applications, systems and devices securely. Looking for and training people with IoT certifications is a way to validate those skills.
- Ship devices with unique credentials: Don’t make the same mistake that so many others have and ship connected devices with factory settings. Give each device a unique password, print that password on a sticker that’s included on the device itself. This significantly reduces the chances of compromise.
- Think beyond Wi-Fi: Wi-Fi is good for quick and dirty deployments. But for wide-scale installations in specialized vertical network environments like manufacturing or healthcare, consider using one of the many specialized communications protocols that are available to your engineers. Do all functions need to be performed on the device or can some be punted back to the network? Minimizing the need for the device to perform all functions and be connected to all traffic all the time can also reduce its threat exposure.
- Use open source strategically: Open source IoT software is easy, cheap and flexible, an attractive option for IoT startups looking to get product to market quickly. Yet security flaws can be exploited rapidly, and patches are often slow in coming. IT team therefore should be aware of the risks in using technologies that are based on open source code.
The internet of things is changing the way organizations in every industry do business. That can come with some uncertainty and risks. It also comes with clear benefits and opportunities. Your customers are looking to you to make sense of IoT and are counting on you to deliver a solution that is trustworthy and secure. With these tips, you’re on your way to being a trusted IoT security advisor to your customers. And that’s good for everyone’s bottom line.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.