IoT – Do not panic, take control

The Internet of Things (IoT) is not going away – and attacks that exploit device vulnerabilities are only going to increase over the coming years.

So, what does “The Internet of Things” mean to you? Well I guess it depends on who you are and what job you do in your organisation. If you are a Network Security Manager, the IoT is something that’s going to be a major concern to the security of your network on an ongoing basis. For everyone else it can be defined as devices that are going to make your day to day life easier, more convenient, and connected.

According to Gartner, more than half of major new business processes and systems will include an IoT component by 2020.

So, what is an IoT device? Over recent years devices that are so called IoT devices include;

light bulbs, door locks, thermostats, fridges, cameras (both DSLR and IP), cars and even pacemakers – the list is almost infinite. Most IoT devices do not have any security built in and very seldom do these devices get patched, causing vulnerabilities.

The key to a successful IoT implementation is visibility, management and security, after all you can only manage and secure what you can see and what you know about. Herein lies the biggest challenge to businesses. More often than not the Network Security Manager is not aware of IoT devices that are being planned and purchased within an organisation. Will the canteen manager contact the NetSec Manager in regards to a vending machine being installed, that calls home when it needs refilling or a so called smart appliance?

This can be the case for all sorts of business units within an organisation, such as, warehouse, manufacturing and marketing etc.

Already there has been some major data breaches that have been caused due to vulnerabilities in IoT devices. US Retail store Target, were attacked in 2013 with the attacker stealing 40 million credit card details via an air-conditioning unit portal, where hackers stole the password to the control portal and backed into the network.

In 2016 the “Mirai Botnet” exploited vulnerabilities in old routers, IP Cameras and other IoT devices. Mirai was a botnet that launched a DDos attack on DNS provider Dyn, causing websites like Spotify, PayPal and Twitter to crash.

These attacks could have been prevented, if these companies employed a network security solution, offered by companies such as macmon. Macmon focus on Network Access Control and provide a complete overview of the entire network at all times. Find out more on macmon and how they can help your company take back control of your network.