Steps Companies Can Take to Secure IoT Devices Against Hackers
December 13, 2016
- Security
By Veikko Ylimartimo, Tosibox CTO
The Internet of Things (IoT) is already delivering a variety of operational efficiencies to organizations. This reality also creates the need for improved security to protect these essential business connections. In recent months, we have seen internet-connected devices and systems hacked, hijacked and used for large-scale denial of service attacks around the world.
IoT devices that connect to the internet using public IP addresses, port forwarding or DynDNS-type services are easy targets for cyber criminals. The simple fact remains that these types of connections, while common, were not designed to stand up to the threats of today’s open internet. Simply put, it is no longer safe to connect IoT devices directly to the internet.
Cyber-attacks against IoT devices can be categorized in any number of ways:
- Industrial espionage: Hacking into a system and changing settings or gathering information.
- Sabotage and interfering with a company’s operations: Focusing a distributed or single-source denial of service attack against devices in the system; the typical result is that connections to, and within, corporate networks are disrupted or lost.
- Hijacking of devices and resources for use in other illegal activities: In other words, using devices within a system as an accessory to conduct a distributed denial of service (DDoS) attack against a third party, creating software crashes and disabled functionality.
We saw the results of this third kind of attack in October, when Dyn was targeted with malware called Mirai and sites like Twitter, Netflix, Spotify and Reddit were rendered unreachable. Prior to the attack, the malware scanned the internet for routers, cameras, DVRs and other IoT devices protected only by the factory-default passwords. The hackers were then able to use thousands, even hundreds of thousands, of devices and more than 600 gigabytes per second of traffic to create chaos.
More and more connected devices come online every day. We can expect these kinds of cyber-attacks to become increasingly common. But there are ways organizations can protect themselves, including:
- Employing automation systems and devices that are not connected to the internet via public IP address, port forwarding or DynDNS-type services. Systems should always be protected behind a secure firewall via an intelligent remote access and networking device.
- Automatically identifying and authenticating remote users so only authorized users can gain access.
- Requiring strong encryption on all connections to and from the internet.
Research company Gartner predicts that IoT security requirements will make up 20 percent of annual security budgets by 2020. Despite that, fewer than half of organizations utilize any of the most common controls for IoT, with analysis of logs and event alerts being the most commonly used. Gartner recommends IT leaders in charge of IoT deployments engineer security to minimize the loss of sensitive data, exposure to fraud and service disruption.
The TOSIBOX Lock is an intelligent remote access and networking device that serves as an endpoint for secure remote connections. Devices connected to the Lock are securely accessed over the internet and LAN and WAN networks through an encrypted VPN connection. The Lock is NAT and firewall friendly, with a patented Plug & Go connection that allows the Lock to be put into use in less than five minutes without the need for software installations, network configuration or special skills.
Ensuring strong encryption and authentication, and completing regular security updates, can help manufacturers reap the benefits of IoT technology without fear of attack.