We call them “smart” devices but when it comes to hackability they are rather dumb. Smart gadgets are great for making our lives more convenient but they aren’t great for cybersecurity. “[Internet of Things (IoT)] devices are more vulnerable to cyberattacks than traditional tech because they often lack the processing power needed to run even basic security software,” states Angel Fernandez with Security Boulevard. Fernandez continues, “Cybercriminals exploit multiple vulnerabilities in smart devices and often use them to get access to entire networks.”
IoT security is already a huge issue and it’s going to become a bigger issue as there are projected to be 25 billion connected devices by 2021.”You might think nobody cares about your smart TV, but once it’s connected to your computer where you have all your data and credentials, all of a sudden it becomes an interest,” says Sivan Rauscher, co-founder and CEO of SAM Seamless Network. “Whatever the weakness in the device is, a vulnerable IoT product can potentially provide hackers with an easy way into other devices connected to the network,” states Danny Palmer.
At the forefront of IoT legislation, California and Oregon have both introduced new laws requiring “reasonable security features” on IoT devices. According to Fernandez, “The law requires IoT device manufacturers to equip each connected device ‘with a reasonable security feature or features’ that are 1) appropriate to the nature and function of the device; 2) appropriate to the information the device may collect, contain or transmit; and 3) designed to protect both the device and any information it contains from unauthorized access, destruction, use, modification, or disclosure.”
“Folks can keep their smartwatches, smart closets, and whatever else they think is making them smart,” wrote Deepen Desai, Zscaler’s vice president of security research, “Banning devices is not going to be the answer here. The answer is changing up the narrative on how we think about IoT devices from a security and risk standpoint, and what expectations we put on manufacturers to increase the security posture of these devices.” Desai said the solution is “taking a zero-trust mentality. It’s about security people not trusting any person or device to touch the network—that is, until you know who the user is, what the device is, and whether that user and device are allowed to access the applications they’re trying to reach.”
Besides a “zero-trust mentality” how do we secure our IoT? Here are a few steps provided by Stop.Think.Connect. and the National Cybersecurity Communications Integration Center (NCCIC):
- Evaluate your security settings. Make sure your settings are such that they don’t put you at an increased risk of a cyberattack.
- Ensure you have up-to-date software. Software manufacturers often issue patches to fix vulnerabilities in their products. Make sure you have the most up-to-date software on your device to ensure those patches are made.
- Connect carefully. Consider carefully whether continuous connectivity to the internet is needed as being connected leaves your device vulnerable to attack.
- Use strong passwords. Choose strong passwords to help secure your device.