Claritas on… Keeping Your Organisation Safe From IoT Vulnerabilities
2020 was an unusual year that led to a shift to remote working for millions of people around the world. This transformation opened the door for IoT (Internet of Things) devices and systems within employee’s homes to penetrate the security perimeter of many organisations.
According to tech analyst company, IDC, by 2025, there will be 41.6 billion connected IoT devices in total. Whilst that offers huge opportunities for businesses, the lack of security of IoT devices means that companies and individuals may be exposed.
The risk with the increase in IoT devices is down to the vast amount of sensitive data generated and shared. Businesses are being targeted through IoT devices as an entry point; access to secure networks has been gained via printers and VoIP systems amongst other connected devices.
The challenge to organisations
As the growth of IoT rapidly increases, the challenge of keeping organisations safe from cyber-attack is greater than ever.
IoT has many benefits in both the public and private sectors, from smart cities and transport initiatives to healthcare and smart home devices, however, the ways in which data is being used, and how IoT devices connect to networks, can pose serious threats.
Organisations must be aware that an IoT device is never fully secure and, as such, must ensure that the appropriate safety controls are in place, in particular by focusing on preventative strategies to minimise attacks, and continuity planning in case the worst does happen.
Securing the Internet of Things
Cyber security experts have suggested that the way to ensure IoT is secure is for developers to create more secure devices in the first instance and additionally make improvements in internet security.
We must move from the Internet of Things to the ‘Secure Internet of Secure Things’. First, we must build Secure Things – devices, software and services with few vulnerabilities, that are securely configured and automatically updated. Of critical importance, cloud services must come with security embedded and not as an up-sell.
Second, we need the Secure Internet – automated collective defence must be built into the network, so that the Internet ecosystem can react as the body does, recognising infections and fighting them off. We must build Internet Immunity.
Philip Reitinger, President of the Global Cyber Alliance
How to protect your organisation
Whilst the cyber security industry calls for the security of devices to be improved, connected devices can still be used securely if adequate safety measures are put in place. There are some simple preventative measures companies can take, to minimise the risk to their businesses as well as solutions to help them identify and respond quickly to threats:
- Look to improve the security of your whole network – a weakness in one part can impact the rest
- Carry out routine checks on your network, endpoints and applications to identify and fix any network vulnerabilities, protect against cyber threats and maintain online security
- It is critical to realise that IoT security isn’t just the concern of those focused on IT and security; it must be prioritised by employees at all levels
- Ensuring your company adopts best security practices is the key to minimising the risks associated with security breaches, such as deleting old user accounts, implementing company policies on access and passwords, backing up data, securing physical and cloud databases, checking routers and networks.
IoT is different from other technologies because it’s always on and always listening and relies on connecting to the internet, therefore is never fully secure. To protect your organisation, a thorough safety and security review of IoT devices is necessary as well as regular checks and good ongoing cyber security practices, to ensure your network is as secure as it possibly can be and not exposed to attack.
To get in in touch to discuss how Claritas can help you protect against IoT vulnerabilities, contact us via: firstname.lastname@example.org or get in touch on social media: