Cybersecurity risks to IOT

Goals

To obtain background information to assist with writing an article, beter understand the cybersecurity risks and solutions associated with the IoT.

Early Findings

Risks/Causes

  • The number of connected devices increases the risk because there are more entry points for hackers to get in and compromise the system. An example of this is a garage door opener that also allows for disarming a home security system.
  • devices increase the risk because there are more entry points for hackers to get in and compromise the system. An example of this is a garage door opener that also allows for disarming a home security system.
  • The National Institute of Standards and Technology, a division of the U.S. Department of Commerce, describes the three broad areas of risk associated with IoT as devices, data, and personal privacy.
  • Sensor data can be compromised when sensors are accessed wirelessly and made to produce false data. Sensor data needs to be effectively managed so attacks can be quickly identified.
  • Actuators on devices allow for changes to the physical world. Examples are turning lights on or off, adjusting temperature, and locking or unlocking doors.
  • Most IoT devices have the ability to do much more than what they are actually used for. The potential capabilities of devices adds an extra layer of risk because when looking at the risks associated with the device, it needs to be approached from what it potentially can do, not just what it does do.
  • Manufacturers do not always create devices that have the necessary hardware or software in place to allow the device owners to implement strong security. An example of this would be devices that don't allow for the changing of usernames and passwords.
  • Employees are often one off the biggest risks for IoT devices and systems as they can be susceptible to phishing schemes and trying to adapt devices to better meet their needs without thinking of the larger potential consequences.

Best Practices/Solutions

  • One of the fist steps that should be taken to inform solutions to IoT security risks is to identify what an attacker's goal would be when they access a particular device. Knowing what the attacker may be trying to do is the first step in putting security in place.
  • Protecting the credentials of IoT systems and devices is one of the most important steps organizations can take to reduce the risk of system breaches.

Proposed next steps:

You need to be the project owner to select a next step.