When it comes to suffering a data breach as a result of poor Internet of Things (IoT) security, the stakes have never been higher. The EU General Data Protection Regulation (GDPR) is just on the horizon and with it will come staggering fines for organizations that fall victim to the theft of customer data-up to €20 million or 5% of turnover, whichever is highest.
While last year's Mirai DDos attack demonstrated how hackers could use hundreds of thousands of internet-connected devices infected with malicious code to take down websites in the U.S. and Europe, more attention needs to be paid to just how dangerous badly-protected IoT device can be.
In fact, some security experts are suggesting that if we don't drastically change approaches to IoT security, IoT might just as well stand for "internet of threats," or even, the "insecurity of things." Clearly, companies need to do more to ensure that a proliferation of connected devices on the edge of their networks doesn't compromise the security of internal information technology (IT) systems.
Three steps to better IoT security
The concept of "security by design" is a crucial component when it comes to the creation of IoT-connect devices. Any piece of IoT technology, whether it's for business or consumer use, should be created with security as a fundamental component. What's more, companies need to be aware of the technology solutions out there that are designed to protect IT systems and devices from security breaches. But looking beyond this, there are three simple steps that every company should be taking to protect their IoT systems.
1. Choose the providers of IoT devices carefully
It is critical to do due diligence when choosing an IoT device provider. Ensure it is a well-known and reliable supplier, likely to be around for the long term. IoT devices need to be updated regularly, especially when a new security flaw is discovered. If you bought from a company that has gone bust, you'll end up with a device that is basically useless. Buy from a manufacturer that will be around for years to come so they can provide patches and fixes to any security bugs that may arise and in a timely fashion.
2. Invest in a network analysis tool
It is not enough, though, to just rely on suppliers. It is also important to invest in a network analysis tool to monitor activity and quickly identify potential security issues. Not doing so runs the risk of missing instances of information being accessed without permission or at unexpected times. These signs can point to a breach of your IT system through IoT devices.
3. Make network management protocols a priority
Connected devices often come with an in-built protocol from the manufacturer that will allow you to monitor internal activity-but this often isn't enough if you're looking for robust security. For businesses, it is crucial to choose IoT devices that support simple network management protocols (SNMP), the worldwide standard for network management, allowing them to be monitored by intrusion detection and prevention systems. This way, you will have more detailed and comprehensive monitoring and analysis of a device, and be able to pick up on any unauthorized attempts to access it.
Security can't be an afterthought
At the end of the day, the number of IoT security breaches is only going to grow. As such, securing connected devices can no longer be treated as an afterthought. If we're ever going to realize the full potential of the technology, companies need to ensure they've made security a priority from the very beginning.
George Smyth is director of R&D software at Rocket Software. This article originally appeared on Internet of Business, a CFE Media content partner. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra(at)cfemedia.com.