Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

What everyone ought to know about IoT security

by Staff GBAF Publications Ltd
0 comment

 

By: Muhammad Yahya Patel, Security Engineer and Office of the CTO, Check Point Software

Internet-connected devices are all around us, in our homes and businesses. Smart cities already exist and continue to be a key talking point amongst many governments. This infrastructure, technology, and automation brings connectivity and efficiency to many aspects of daily life.

But there’s two sides to a coin, right? The other side of IoT can be quite dark. Think about the darkness that surrounds an attack on critical infrastructure, medical environments, manufacturing, business operations or your home environment.

IoT as a security risk

IoT devices should be a concern for organisations, governments and let’s not forget, individuals. The purpose of these devices is to provide connectivity and accessibility to services. Security is not at the forefront of building these devices and that’s why there is an inherent risk from the get-go in terms of deployment of these devices.

The security of IoT devices in our homes, and organisations calls for careful consideration when you reflect on the risk component.

Here are my top 5 considerations when it comes to IoT:

  • Unmanaged devices on the network. How do you protect something you can’t see? If you can’t see it, how do you know what it’s doing on the network. Is it normal or abnormal?
  • Software bugs. Does the device manufacturer provide software updates? What risks are posed by any vulnerabilities on these devices?
  • Network security. Lateral movement from an IoT device? If a device is compromised, how is the network segmented to isolate the device?
  • Device policies. Common default passwords or lack of security admin features? What’s your policy to keep these devices protected?
  • Physical security. Are these devices accessible physically or through software in close proximity? What measures have been taken to protect the device? Does it hold sensitive data?

These are some of the things that come to my mind when I think about what should we be thinking and talking about in relation to securing IoT devices.

IoT is becoming a top concern for governments worldwide and in 2021 the UK Government announced the Product Security and Telecommunications Infrastructure Bill, which is currently making its way through the UK Parliament.

The bill is welcomed by the security community, as it will give powers to mandate security requirements for smart devices. “Consumer connectable products” is how the government has described the products under this bill. A whole range of devices from connected appliances to automation devices, smartphones and many more are addressed within the bill. The full list of devices and details about the bill can be viewed here.

Consumer IoT products

Consumer IoT products are used in many enterprises. Therefore, the bill will benefit businesses. We know IoT products can be an entry point for an attacker to steal information and perform further attacks on the network.

As we adopt more technology in businesses and our homes at a faster pace than ever before, the challenge remains the same and we need to play our part to make sure we aren’t leaving the door open for attackers to make their way in.