IoT needs access management

October 2018 Editor's Choice, Infrastructure, Security Services & Risk Management

IoT is a digital enabler that enhances business value through growth and promotes a better customer experience in the commercial world, but also generally has a positive impact on daily living.

Sagan Pillay.
Sagan Pillay.

With any Internet device, there will always be an external threat. The threat of a device being hacked to gain network access and then pivot to another device until critical information is obtained. If your IoT devices are in the workplace, you may have issues that are different.

Devices such as printers that retain copies of scanned documents and, in some instances, have domain credentials, can become a significant risk. The more devices that are linked the greater the possible spread of the breach. There are many different use cases we can review, from light bulbs to air conditioners to electric blinds – all these devices have an operating system and require updates and patches. And if we access these devices wirelessly, so can a hacker.

The disruption of IoT devices can escalate from a minor incident to a mass scale disruption. Protecting access to control these devices is crucial if we are to ensure that administration accounts for them are locked down. These accounts must be treated as privileged and should have the necessary controls in place to isolate any one device in case of a breach attempt.

Data breaches are rapidly and alarmingly on the rise. IoT opens up even more avenues for this to happen. Typically, it all starts with password breaches to get into privileged accounts and then access the data. Last year, global research indicated that password breaches happen every 30 seconds – a frightening statistic.

Cybersecurity companies will always be advancing in this area to protect all devices on the network; unfortunately there is no failsafe solution. The greatest risk is acknowledged to be the insider threat and with IoT this provides a platform for large-scale automated attacks that can be devastating. Cybersecurity companies provide great advice on the preventative controls and I believe with a combination of tools and appropriate behaviour we can avoid a large number of IoT device breaches.

In implementing IoT devices, the principle of least privileged must be applied as well as security by design. This would mean accounts that access the device and its software will be restricted to specific functions only. This also applies to usage of APIs to reduce distributed denial-of-service (DDoS) attacks.

Logical and physical access has become more advanced than ever, although key issues are not being addressed. A lack of awareness and behaviour shows this. We need to promote the right behaviour in the workforce and educating them regarding cyber threats. In businesses, this usually emanates from the company leadership, but for the general population we need government to drive this strongly. IoT is growing, but unfortunately, we will not be ready for it until we can ensure everyone is playing his or her role and are au fait with the application of basic secure behaviours.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Autonomous construction site protection
Editor's Choice Perimeter Security, Alarms & Intruder Detection
Ajax provides an autonomous security solution for a German construction site that is easy and flexible to install. It provides security against intrusions and theft via a 360-degree view.

SMART and secure estates in Cape Town
Technews Publishing Axis Communications SA Gallagher DeepAlert Nemtek Electric Fencing Products Editor's Choice
In February 2024, SMART Security Solutions emigrated to the Western Cape to host its first SMART Estate Security Conference in the region in many years. For the day, we took over the prestigious D’Aria Wine Estate.

Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.