Archive

Go to:

November 2017
SMTWTFS
1234
567891011
12131415161718
19202122232425
2627282930
< Oct Dec >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Cyber Security Awareness: The Internet of Things
Thursday, October 19, 2017 6:30 AM

“The Internet is part of everyone’s life, every day. We use the Internet at work, home, for enjoyment, and to connect with those close to us. However, being constantly connected brings increased risk of theft, fraud, and abuse.”[5]

Recently reported vulnerabilities in Wi-Fi routers, Google Home, and smart phones remind us of the importance of being aware of the growing digital world around us. Malicious activity now transcends personal and business computers, as our information now flows through many different channels. 

These various connected and interconnected devices represent the Internet of Things (IoT), and in addition to expansive and growing consumer use, “adoption of enterprise IoT is accelerating quickly.”[3] Access to the internet via smart TVs, wearables, security cameras, and even vehicles must be taken into account when considering enterprise and personal security. Furthermore, from a security standpoint, “many of the vulnerabilities in IoT could be mitigated through recognized security best practices, but too many products today do not incorporate even basic security measures.”[6]

Below are some tips offered to help manage the IoT and help protect critical infrastructure as businesses and consumers[2]:

  • Maintain a secure network[7]
    • Keep routers and network equipment up to date
    • Use secure access protocols and passwords for Wi-Fi
    • Monitor connected devices and remove access from the ones that are old or obsolete
  • Keep IoT connected devices up to date
    • Understand how your device works[1]
    • Set to automatically update software and/or firmware when available
    • For businesses, make IoT devices a part of your vulnerability and patch- management process
  • Remove obsolete or unused IoT devices from your networks
    • Technology is evolving rapidly; older and obsolete devices may represent a security risk if they are no longer supported by the manufacturer
  • Research security in IoT devices before incorporating them, especially in the enterprise[1]
  • For businesses, utilize and build on best security practices[6]
    • Apply your current practices to IoT devices
    • Participate in information sharing to receive and report vulnerability information or security alerts regarding devices
    • Prioritize IoT security based on potential impacts:
      • Analyze device’s use before deployment
      • Utilize penetration testing and vendor risk assessments
      • Make deliberate connections and utilize authentication
      • Build in controls
      • Promote IoT awareness with employees and customers

Additional resources:

  • Internet of Things Tip Card: A simple DHS-published tip card.
  • Strategic Principles for Securing the Internet of Things: DHS publication explaining risk and establishing security principles for IoT.

References:

  1. www.readycolorado.com/blog/national-cyber-security-awareness-month-internet-things-safety
  2. www.fletc.gov/critical-infrastructure-and-internet-things
  3. staysafeonline.org/event/can-internet-insecure-things-saved
  4. staysafeonline.org/press-release/organization-leaders-employees-reminded-cybersecurity-workplace-everyones-business-national-cyber-security-awareness-month
  5. www.sba.gov/blogs/national-cyber-security-awareness-month
  6. www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
  7. www.dhs.gov/sites/default/files/publications/Internet%20of%20Things%20Tip%20Card_3.pdf
  8. www.pcmag.com/news/348998/what-businesses-can-learn-from-the-mirai-botnet-ddos-attack