The Risks of Unsecured IoT

Bsquare Corporation
IoT device security
Illustration: © IoT For All

According to British insurance company Lloyds, companies are losing over $400 billion per year because of cybercrime. The worst thing? That’s just the tip of the iceberg. When you factor in all the money and data that are stolen and not reported or goes completely unnoticed, you’re seeing a loss at a global scale due to device security risks that’s almost incomprehensible.

And it’s just getting worse, not better.

While we’re all becoming more connected to one another and IoT allows business processes and systems to become more connected, hackers are targeting weaknesses in these systems at an alarming rate.

Other than stealing money directly, leaving your connected devices unsecured or vulnerable can lead to the following risks:

  • Reputational Damages – This is a considerable risk to companies that invest millions in customer care. Websites can be defaced, clients targeted, personal data leaked, etc.
  • Safety Risks – Anything related to safety has significant implications for companies that use automated monitoring systems for their processes, equipment, or machinery.
  • Loss of Service and Production – If you can’t help clients, access your data, or operate equipment and processes, it’s costing you a lot of money.
  • Weak Point – It can create a weak point in your entire system which can then be used to access sensitive data.
  • Personal Data – Weaknesses can expose personal data and sensitive data that can be accessed and leveraged.  

In one sensational example of exposing and utilizing a weak link in the system, hackers used a fish tank to steal data from a North American casino. Now, casinos are renowned for their high levels of security, but in this case, it was a smart fish tank connected online to monitor temperature and feeding which proved to be the weakest link in the chain.

Hackers gained access to the fish tank and, from there, the casino network, and then they stole over 10 gigabytes of data before the breach was detected.

So, what can you do to address these risks? You’d be surprised at how much you can do!

How To Make Sure Your Devices Are Secure

There are various ways to mitigate device security risks, and many of them are not only simple but also effective.

Make Security A Priority

From the beginning, making security a priority should be at the top of every checklist. Incorporating security at every step, from product design to implementation, is vital.

Top 3 things designers should consider when building a new device:

  1. Device Design – How will the design of the device impact its security?
  2. Deployment – Where will the device be used and how?
  3. Operation – How is the device used and accessed, and who has access to it?

Create Threat Modeling Scenarios

Threat modeling is a structured step-by-step approach to identifying and prioritizing any potential threats to your system. For example, where will the device be, and who has access to that device? Where is data stored and how is it accessed?

Once threats are identified, you then examine any potential mitigations to those threats, evaluate their cost and effectiveness, and determine how you would implement solutions quickly if that threat were realized.

Create a Vulnerability Disclosure Policy 

Creating a vulnerability disclosure policy can be effective and valuable. They leverage information that security researchers and ethical hackers find and provide ways for them to communicate weaknesses in your systems. Once potential weaknesses are identified and communicated, you can pivot quickly to fix the issue, track and monitor all threats, and then thank the group that helped you identify the problem.

Wouldn’t you prefer that someone ethical identified potential threats before someone with malicious intent did?

Track the Life Cycle of Devices

Successful installation and implementation shouldn’t be where your monitoring ends. It should be the beginning! It’s vital to track the life cycle of your devices and ensure that they are being regularly updated, maintained, and monitor when they reach their end-of-life and can no longer be updated to meet current threats and security requirements.

Consider whether devices can be fixed or updated in-house or whether those devices will need to be sent out to be repaired or updated. What happens to that device when it reaches its end of life? Often, hackers gain access to systems by restoring old devices which still have access to systems. Make sure you have a policy in place to wipe old devices and dispose of them safely.

Never Use Default Passwords

Whenever you’re setting up a new device, what password do you use? It’s easy to get a device set up using the default passwords and usernames, especially in time-sensitive scenarios or if you are installing a lot of devices at once during an upgrade.

Hackers are constantly looking for devices such as printers and scanners, which have been incorporated into a system using default usernames and passwords.

In one case, over 28,000 unsecured printers were accessed to demonstrate the importance of securing all devices. The printers were then instructed to print out a five-page guide on the importance of securing all devices connected to a network.

The Risks of Unsecured IoT Advancements | Conclusion

Addressing device security risks sooner rather than later will only pay dividends in the long run. The best part of an effective security system is that you’ll never know how much it saved you because you won’t have to deal with expensive breaches to your systems.

Cybersecurity worldwide is quickly transitioning from “should do” to “must do” as governments implement cybersecurity acts such as the Privacy Act in the United States, The General Data Protection Regulation (GDPR) in the EU, the ETSI Cyber Security Baseline Requirements, and the US Strengthening American Cybersecurity Act.

Ultimately, better cybersecurity creates a better user experience (UX) which means happier and more satisfied customers, which ultimately leads to increased profit and reduced costs.

Author
Bsquare Corporation
Bsquare Corporation
Bsquare helps companies build connected products that participate intelligently in their own security, deployment, operation, and management, allowing our customers to realize the full potential of a connected world. Our technology is powering de...
Bsquare helps companies build connected products that participate intelligently in their own security, deployment, operation, and management, allowing our customers to realize the full potential of a connected world. Our technology is powering de...