Get started Bring yourself up to speed with our introductory content.

How to successfully protect your organization from IoT cyberattacks

With an estimated 6.4 billion internet-connected devices currently in use, 2016 has certainly been the year of the internet of things. This movement has brought increased functionality, data and insights to everything we do, not only providing us more information about our day-to-day lives, but also improving and streamlining processes in industrial and commercial spaces.

But with this increase in IoT-connected devices comes an increased risk of cyberattacks. As many of these devices have never been connected to the internet before, it’s easy to forget that they are vulnerable to hacking. It’s also easy to forget that with this volume and diversity of devices connecting to IoT comes a myriad of applications needed to support them. As a result, development teams are under more pressure than ever to deliver applications as quickly as possible.

To meet this demand, development teams have begun shifting from the traditional “core IT” practices — which had time built in for testing and patching vulnerabilities in code — to practices that allow developers to constantly release and rerelease applications as they are developed and updated — leaving no time to test or monitor for potential flaws in security. To combat this, organizations must make security an organization-wide commitment, implementing tools and training employees on the best ways to protect themselves and their devices.

Implement a runtime application self-protection (RASP) program
For years, application protection has been handled by developers who, in addition to writing code, were responsible for testing, monitoring for and patching any vulnerabilities that they found. But as developers take more on their plates and hackers become more advanced, a deeper, more involved level of protection — that also eases the workloads of development teams — is necessary. Application-level security tools provide just that. Embedded within an application and running constantly, these tools monitor for, recognize and block attacks in real-time, ensuring an application’s safety with little to no intervention from development teams.

Be mindful of when new applications are connecting to a network and what their capabilities are
With new products being added to IoT every day, it can be easy for an organization to lose track of all of the devices connected to servers and networks. However, it is important to remember that every connection — from building management systems and office equipment that tracks activity within your space to employees’ personal and professional devices — has the potential to be an entryway for hackers. And in the case of IoT-connected devices, not only does this put potentially sensitive information at risk, but it can also have real-world effects if hackers are able to gain access to the right device. To combat this, organizations need to actively be aware of and monitor all connected devices and train employees on the dangers of hacks. Making security an organization-wide initiative will benefit both the business and its employees.

Understand when it is and isn’t necessary for a product to be connected to IoT
As with any exciting technological movement, it’s easy to get caught up in the latest and greatest. While there are many IoT-connected devices that add value in a workplace, such as intelligent systems that can monitor and adjust temperature and light levels depending on occupancy, or keycard-operated locks that help to keep non-employees from entering a workspace, there are many products that simply do not. When determining whether or not to purchase an IoT-connected device, organizations must weigh the risk to the business if the device is compromised against the benefit of having internet access. Being selective in this process will not only help to reduce risk, but also protect the organization from a potentially unnecessary and costly investment.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.