IoT Devices A High-Security Risk

What foundational steps are needed to secure an IoT environment?

1. Inventory - In order to secure the IoT environment, organizations need to know the inventory of devices and device types in use. This also means an automated way of identifying devices in the domain.
2. Classification of inventory - Inventory is further classified by type and business function.
3. Assess the risk - Risk assessment is the beginning of the process.

What devices show how the internet expands beyond computers?

Below is a list of a few devices that support the expansion of the internet beyond computers.

Why are insecure IoT devices an easy gateway for attackers?

Organizations and individuals connect devices to their networks. But if a device is not secured properly and is discoverable on the network, it can become an easy gateway for hackers.

The enterprise use of IoT includes industry-specific devices used in healthcare and devices used in industries like smart security systems. This industrial IoT can involve a combination of sensors, Wi-Fi networks, big data, and data analytics to optimize processes.

One of the biggest issues with IoT is security, especially as sensors collect data and transfer it across networks and to manufacturers. The basic design of some IoT devices lacks security considerations such as encryption of data in transit and at rest. Risks of espionage, vandalism, theft, misuse, hacking, and fraud are higher when industrial machinery connects to IoT networks. Software flaws and limited patching capability can further increase risk. There is also compliance risk involving privacy and private healthcare data.

What are five infamous IoT hacks?

Below are the five infamous IoT hacks:

1. The cyber attack related to the Mirai DDoS botnet
2. A data breach related to a children's toy
3. The Devil's Ivy Rube-Goldberg attack
4. Wi-Fi baby hard monitors
5. Virtual carjacking

What guidelines can organizations follow to deploy IoT devices more securely?

The OWASP Top 10 IoT Security project (2018) provides basic-level guidelines for device manufacturers and developers to create secure solutions (refer Figure 1). Consumers and organizations should also ensure security considerations are central while selecting and deploying devices. Here are some guidelines for organizations:

1. Update BYOD policy to include IoT devices and provide a list of approved IoT devices
2. Establish a research and approval process for IoT devices
3. Use strong encryption for Wi-Fi
4. Limit Wi-Fi use to approved IoT devices
5. Use isolated networks for IoT systems
6. Use strong, unique passwords and rename devices
7. Harden devices following vendor instructions
8. Update software immediately after release
9. Avoid public Wi-Fi networks
10. Use multifactor authentication when available

The 2018 release of the OWASP IoT Top 10 represents the top ten things to avoid when building, deploying, or managing IoT systems (OWASP Internet of Things Project).