Employing a Holistic Approach to IoT Security

Research from the McKinsey Global Institute states there are 127 new devices connected to the internet every second. With cybersecurity issues permeating the Internet of Things at an alarming rate, the commercial sector needs to advance its view of risk in order to minimize the number of threats associated with IoT devices. 

Commercial facilities involve retail, entertainment and media, hospitality, and public assembly. This sector relies on IoT devices to streamline industrial control systems and interactions with customers. Since there is a wide array of devices to secure and manage, the risks and potential cyberattacks could impact the physical and digital environment for commercial facilities.

Cybercriminals hack IoT devices by leveraging the access a device has to break into a network of other connected tools and devices. In a commercial facility, this could mean hacking a consumer’s IoT device through Bluetooth or Wi-Fi to manipulate a control system on the same network or to gain access to sensitive data.

A Low-Hanging Target for Cyberattacks

Each IoT device can be a potential security risk. A compromised device could lead to a domino effect of consequences, putting consumer and corporate information at risk. 

In 2017, the “WannaCry” ransomware was used to attack thousands of computers and IoT devices around the world. The attack caused over $4 billion in losses. Many of the affected individuals said their files were not returned, even after the ransom was paid.

The common threats to IoT devices are malware, denial of service, and Structured Query Language injection (SQLi). As newer IoT devices enter the market with enhanced speed, interconnectivity, and access to 5G, tech firms must come up with better-fortified security solutions that protect users as the market continues to develop.

Navigating through vulnerabilities and risks

Since most IoT devices are mass-produced, their security features and weaknesses are widely known, making it easier for bad actors to infiltrate and manipulate the devices. Commercial sectors will soon utilize IoT the same way the healthcare industry does. Thus, it’s becoming more challenging for security teams to implement a security strategy that can be applied across the board.

Despite the efficiency IoT devices provide, IoT tech receives fewer software updates and is unable to store anti-virus software. 

Security teams have to revamp and retrofit internal risk management programs to accommodate IoT technology. 

Building and strengthening an IoT security strategy

In order to improve the cybersecurity of IoT devices and the facilities that use them, there are steps manufacturers, regulatory bodies, and IoT users can take to strengthen overall security.

Manufacturers should consider the standards and compliance requirements for IoT security created by the National Institute of Standards and Technology (NIST). Along with the NIST Cybersecurity Framework (CSF), the Internet of Things Cybersecurity Improvement Act of 2020 crafted security standards, vulnerability assessments, and IoT guidelines for government networks and federal contractors to comply with. 

Creating secure IoT devices is essential to enabling a secure IoT environment. Enhanced regulation is a necessary step in the right direction and incentivizes manufacturers to create and innovate with security in mind. 

Security teams need to consider integrated risk management (IRM). This fosters cyber risk awareness at all levels and units. Since IoT devices connect all of an enterprise’s units, including its operational technology (OT) and information technology (IT), an IRM platform has the capability to monitor and secure enterprises across the board.

With an IRM security strategy in place, commercial facilities will take on a more proactive cybersecurity approach. Continual internal audits and vulnerability assessments are necessary to ensure that all endpoints are secure and up-to-date. 

There are a number of smaller steps that can be taken by endpoint users and enterprises, including:

  • Changing the default username and password associated with the device
  • Enabling multi-factor authentication for all devices 
  • Using devices only on secure internet networks

Companies also need to remove all defunct software programs and deactivate profiles from past employees. 

Moving Forward 

As commercial facilities continue to adopt IoT tools into their enterprises, the supply chain needs to be more secure. Each department is responsible for implementing fortified security practices to strengthen the overall cybersecurity posture of the sector. With existing NIST frameworks, healthy cyber practices, and an IRM approach, the commercial facilities industry has a greater chance of withstanding threats while continuing efficiency and growth.
