The Need for Industry-Led IoT Security Standards and 5 Best Practices

Since January 1^st of 2018, a barrage of cyberattacks and data breaches have touched almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world –from wearables and pacemakers to thermometers and smart plugs–on the market and in the home. Cybercriminals are keen to leverage them in attacks and this heightened interest is due to the vulnerabilities in many IoT devices, not to mention their ability to connect to each other, which can form an IoT botnet.

At the moment, the bulk of IoT security falls heavily on the users of IoT devices and applications, be they organizations or individuals. According to the same survey, organizations are predicted to spend US$1.5 billion on IoT security in 2018, a 28-percent increase from the US$1.2 billion in 2017.

Unfortunately, there are few incentives for manufacturers to increase their costs and include devices that come with stronger security features. Therefore, some IoT devices have a lack of basic security protection. Before we turn to government regulation of IoT security, the industry needs to set security standards. Already, there is discussion within government around placing responsibility of this security on the manufacturers.  If the industry collaborates and creates a ratings system or specific metrics to determine the level of security of IoT devices, it may be effective in decreasing the vulnerability to attacks. Industry-led standards would also encourage companies and consumers to buy more secure devices, creating a needed economic incentive for manufacturers.

Industry-led security standards would be effective if put in place. However, until then, IT professionals, companies and consumers should use these best network management practices to determine the security-readiness of IoT devices.

1. Use a unique username and password for each IoT device. Instead of using hard-coded default credentials or setting simple usernames and passwords that many users will never change, organizations should require users to pick a strong password when setting up each device. It’s also important to use different passwords for each device. This makes it harder for attacks to occur on every IoT device.
2. Hardware and platform security. Many IoT devices use an open-source operating system, which enables faster product development. However, this makes the device more prone to attacks. Since IoT is fairly new, there is also little expertise available in developing a truly secure application. Make sure that any device you allow in your network has the hardware and platform that comply with security regulations.
3. Secure data storage. The more connected devices you or your organization has, increases the amount of generated data. This requires additional storage capacity to handle the volume and variety of data. Look into data security mechanisms like high availability and disaster recovery to protect data from loss or theft.
4. Build IoT devices so they can automatically receive software updates. Make sure your devices and the software and applications are updated regularly or automatically. This should include security patches.
5. Educate employees about cyber-security. Hackers are too often able to gain access through personal devices with weak security or social engineering. Therefore, it is essential for your organization to educate employees about cyber-security and to train them before a breach occurs.

Connectria is constantly looking for vulnerabilities and finding ways to better protect our customers’ servers and data. Our expert engineers utilize best practices and a two-tier security architecture to commit to the security of our customers. With 24/7 support, monitoring and tracking, you can focus more on your business and put your mind at ease. If you have any questions regarding security or other services we provide, please contact us.