Defending Against IoT “Accidental” Insider Threats

Protecting a network from insider threats isn't a new problem, but the growing complexity of IoT networks increases the likelihood that accidental threats may be introduced by well-meaning insiders. Recognizing where these vulnerabilities exist and taking steps to reduce the risks involved are necessary to build a more secure future for the connected world.


When considering insider threats faced by the Internet of Things (IoT) systems, few will be surprised to learn that protecting a network with a growing number of connected devices from a maliciously motivated insider is becoming increasingly problematic. Insider threats aren’t a new problem—cybersecurity professionals have been defending against them for years—but the complexity of modern IoT networks increases the likelihood that accidental threats may be introduced by well-meaning insiders.

Recognizing vulnerabilities in an IoT network and taking steps to mitigate risks, both accidental and malicious, is critical for #IoT implementers. || #IoTForAll #CyberSecurity #Security #Infosec #Hacker #Privacy Click To Tweet

In industrial and enterprise settings, investments in IoT technology are usually intended to solve a business problem and to respond to commercial pressure to optimize operations through innovation. There is enormous pressure and demand for data originating from critical, real-time operational networks. In an increasingly data-driven world, organizations need to extend those networks outward so their data can be analyzed and utilized to inform business decisions.

The humans interacting with these systems are often under similar pressure. Most insiders are motivated by operational duties like uptime performance and product quality, but they are less concerned about security. Although cybersecurity professionals are well-acquainted with the vulnerabilities inherent to IoT solutions, many of the decision makers in a position to impact those vulnerabilities aren’t. This can have an impact that reaches far beyond what you might expect.

The Consequences to Making Your Workday Easier

For instance, suppose you’re a contractor conducting maintenance on an industrial plant. Remote administration of the plant might serve to shorten the downtime window, but an unsecured VPN still using its default username and password could give an attacker an easy access point to your network. This is how the infamous Mirai botnet operates: by taking advantage of large numbers of devices using default credentials that hackers possess. Although this vulnerability is well known to security experts, the pervasiveness of the problem makes it difficult to eradicate.

Even the weather can have an impact here—that’s right, the weather. Maybe you want to avoid a muddy walk to an isolated pump controller after a rainstorm, so you connect a wireless access point to enable remote access. Unfortunately, connecting that router you bought from Best Buy to an outbound ethernet port on a pump building might also leave you similarly open to attack.

The massive increase in interconnectivity we have enjoyed, thanks to the internet, has provided many benefits, including the ability to remotely work from home, but it’s important to take the security risks into account. Connecting an industrial controller to the public internet might enable your staff to configure settings from home, but critical industrial controllers can be found using the Shodan search engine—a search engine that crawls the internet for publicly accessible devices. While this is a useful tool for cybersecurity professionals, it’s also one that can be easily abused by cyber criminals.

All three of these examples have something in common: they all represent threats to highly connected IoT environments caused by insiders with no malicious intent—just a desire to do their job more efficiently and effectively. In today’s interconnected world, that’s often all it takes to create a damaging breach. It’s important for employees to understand the vulnerabilities that even the smallest negligent action can cause.

Building a Safer IoT Environment

We design modern roadways with barriers so that drivers can’t enter or create unsafe conditions, even if they want to. Jersey barriers, guardrails, and other safeguards work to ensure that even the most negligent drivers can’t stray too far from the road. In order to create similarly safe conditions for IoT, security design needs to do the same thing.

IoT devices need to have strong authentication methods, so they accept instructions only from where they’re authorized. Accidental exposure to the public internet through dual-homed workstations or other means must be mitigated by forms of authentication stronger than static credentials, such as username/password or symmetric tokens.

Public key infrastructure (PKI) is one such form of authentication that is likely to see significant growth in the near future. Although PKI gained a negative reputation due to past mismanagement, today’s PKI represents a secure and cost-effective solution for organizations seeking a comprehensive security solution. Although there is no magic pill that will solve every problem, each new security measure can go a long way toward mitigating risk.

Security Challenges in Internet of Things

There’s no shortage of technology available that can reduce the vulnerabilities associated with IoT devices. Recognizing these vulnerabilities exist and taking steps to reduce the risks involved are a necessary part of creating a more secure future—one better protected from both malicious and accidental threats.