‘Things’ need different security

The benefits of the Internet of Things are quite considerable. But, says JAYSON O’REILLY, when considering that many of these devices form critical parts of our lives, they all need to be secured differently.

Not too long ago, the notion that everyday appliances – home, office, medical – would be connected to a network and the Internet was far-fetched and futuristic. Today, however, it is a reality, and we are seeing a slew of devices connecting to the Internet and to each other – known as the ‚ÄòInternet of Things’ (IoT).

Jayson O’Reilly, Director: Sales and Innovation at DRS, says although the benefits of this phenomenon are considerable, the IoT brings many security risks. “These risks could be substantial, when considering that cars, pacemakers and critical infrastructure all form part of the IoT.

He says the number of IoT devices is in the billions already, and that number is growing exponentially. “Each of these devices represents another possible target for cyber criminals, or another possible entry point for threat attackers to breach the enterprise. The result is a flood of new attack surfaces that will be drowning the enterprise.

Another concern, he says, is that the vendors developing these devices do not have much experience with security, and while they might include basic security features, have not built proper security in from the ground up. “All these devices will make use of different operating systems, and will work on varying networks and a plethora of different systems. Protecting multiple devices, on multiple platforms, systems and networks is an incredibly daunting challenge.

In order to secure the IoT, the first step is identifying which devices are connecting to each other and the Internet. “Understanding the nature of these devices is the best basis for a strategy that will protect and manage them. Understand which devices are susceptible to malware infection, and figure out how these devices can potentially be isolated from the IoT. Malware is growing exponentially, not just in numbers, but in sophistication. It is crucial to ensure that IoT devices are guarded against any potential threats.

Devices that are IP-enabled function differently, and O’Reilly says it makes sense to secure them at a network level as opposed to an endpoint level. “In this way, existing intrusion prevention systems and firewalls can play an active role in securing these devices, as endpoint security for these devices is in its infancy.” He also advises to strictly enforce the principle of least privilege access to IoT data, devices and applications.

While the IoT has vast potential in terms of boosting workflow, business processes and general operations, there is little regulation surrounding the IoT, and with it, the data it will generate. As always with security, err on the side of caution. Businesses, the industry, security vendors and governments need to work together to limit the threat that goes hand in hand with the IoT.

* Follow Gadget on Twitter on @GadgetZA