Reality often does mimic fiction. If sleek, captivating, and imaginary tech of the future is part of a feature film or Netflix series, researchers, technologists, and scientists from all spheres will put forth their best foot forward to make it come true. 

After all, there is a strong link between creativity and science. Science is concerned with finding innovative solutions to everyday problems and creativity is everyday innovation – a mind unrestrained by shackles. When creativity and science meet – magic ensues. 

When the medievals and ancients wrote about magic, what they were unconsciously alluding to was technology, the light bearer of progress. 

Quickly skipping ahead a few thousand years, Internet of things has put forth a connected world of objects – something which we have seen visualized by the creative geniuses of art, literature, and film, over the course of the last century. 

Everyday objects from microwaves, fridges, and teapots are becoming internet enabled. Temperature control in corporate premises is adaptive – it adjusts to external temperatures, smart bells provide information on visitors, and cola stations send notifications to their administrators when they need to be refilled. 

IoT-based security is personal 

All of these are breakthrough tech but bound to make some people extremely uncomfortable. A peeping tom looking at your child via a baby monitor, or an outsider looking into your home through your home security cameras is a real possibility. IoT brings along with it a plethora of privacy concerns that need to be addressed. 

Hackers typically have monetary gain and corporate, or government-targeted espionage in mind when they execute attacks. Malicious actors targeting IoT devices are more apt to look at these devices as a means rather than an end in itself. They could utilize them as a beginning point for lateral attacks. 

Attackers could leverage several such devices in a DDoS attack, or utilize them as a pivot point to obtain targets with more value on the network. 

The challenges facing IoT security 

IoT devices have been developed to function on networks. In bigger organizations, IoT units merely wind up with connections to the web and minimal administration or supervision. Few IoT units might even transmit rudimentary telemetry to the device producer or have protocol to obtain software updates. 

This is a setback for security units as such devices still need to be detected. In the majority of scenarios though, the security units or security operations center aren’t aware they are present on the network.  

This implies that the prospect for security weaknesses that can be directly breached by hackers to compromise your vital systems moving in a lateral manner within your network is immense. 

Amplifying the dangers from minimal visibility, it should also be considered that IoT-enabled devices typically have proprietary unique interfaces, and embedded operating systems. This makes it challenging for security units to detect if they are using vulnerable software or dealing with misconfigurations.  

Security patches are usually unavailable, and even when available, the IoT units have no native capability for remote patching.  

They might be physically isolated, otherwise not accessible, and downtime might not be an option. Another problem with IoT security is the utilization of hard-coded or default passwords.  

The Mirai botnet attack of 2016 demonstrated exactly how vulnerable organizations are with regards to their IoT hardware security.  

Mirai circumvented login protocol by utilizing often used default username/password combos and was able to accumulate an entire population of compromised IP cameras and routers, completely under its control. In 2016, it was the most impactful DDoS attack which the planet had ever seen. 

Visibility is at the base of IoT security 

To keep your IoT network secure, you need to be aware of what devices are on the network. Obtaining a correct, ongoing, and updated inventory of all the IoT and non-conventional assets in your organization is the basement that your security positioning is built upon. 

After you have obtained an accurate overview, you need to look into the risks and drawbacks these assets bring to your security positioning. With this data only, will you be ale to assign priority to actions that you need to carry out to minimize risk? 

Minimizing risk is the name of the game. 

References 

https://securityboulevard.com/2020/03/an-eye-on-iot-security/