Security in the Internet of Things

We are moving to new era for internet, which is Internet of Things (IoT). When you could take advantage of internet, network, computers, cloud in things like controlling elevator, playing music, building super smart home, smart cars and so on. It is new and great opportunity when internet, computer and cloud work together to control things and objects. You think about new opportunity like better energy management, better transportation and automation in many areas. Since concept of IoT is very interesting and there are many opportunities in this area, it is expected to see a lot of grow in this area and you will see more and more things around you which take advantage of IoT. From all good sides and opportunities, there are dark sides which is giving more advantages to cybercriminals. So if hackers and cybercrime organizations could broke into your company’s network and steal some data, this time they could shut down your elevators, turn off all lights and electricity in your building, stop your transportation system and do worse. There were cases of cybercriminals manage to turn off light of a city or stop make disruption on transportation system , but since using internet and computer was not so much involved in that area in that time, their damages was limited . However, when you consider IoT, you are giving more power to internet and computers to control many things and it is dangerous. Question is how we could protect ourselves against security threats in IoT?

In order to protect yourself against such a threat, you will need to concentrate on stable operating system to manage and control your things (transportation system, elevator, servers, etc.). You should rely on operating systems which they bound to standards and regulations in your country and they are in good security conditions. Which means, in case of disasters or 0-day problems, they have solutions to handle it properly and rapidly. You also should come up with your own incident response plan, what will you do if hackers take over your entire network? Do you have any backup servers which you could temporary switch to there and shutdown your current servers? Do you have any agreement with government or security experts who could assist you with incidents such as helping you to resolve your security problems immediately and rapidly? You should always have a backup plan to turn off your internet and continue operating in local network and without rely on internet in case in incidents for some period of time. When you go for public cloud services, make sure to select a reliable cloud provider which followed best practices and standards and they have good plan to keep your environment secure and running. One good example of trusted public cloud provider is Microsoft Office365 which followed Security Development Lifecycle and they have incident response team which they will act in case of incidents to mitigate threats and response to unknown threats. You should also setup a risk management plan, list down all things and objects affected by IoT architect and the degree which IoT control them and come up with a table containing things, their relations with internet and network, your network infrastructure and risks. Then fill up the table and think about ways to mitigate them. Hybrid model would be a good practice so if in your model public cloud part been compromised, you could switch to private cloud or vice-versa.

IoT gives new opportunity to businesses and cybercriminals. As business owner you should take this opportunity to makes things better while you should look into risks and prepare to mitigate them.

Advertisements

Comments are closed.

%d bloggers like this: