IoT needs access management

October 2018 Editor's Choice, IT infrastructure, Security Services & Risk Management

IoT is a digital enabler that enhances business value through growth and promotes a better customer experience in the commercial world, but also generally has a positive impact on daily living.

Sagan Pillay.
Sagan Pillay.

With any Internet device, there will always be an external threat. The threat of a device being hacked to gain network access and then pivot to another device until critical information is obtained. If your IoT devices are in the workplace, you may have issues that are different.

Devices such as printers that retain copies of scanned documents and, in some instances, have domain credentials, can become a significant risk. The more devices that are linked the greater the possible spread of the breach. There are many different use cases we can review, from light bulbs to air conditioners to electric blinds – all these devices have an operating system and require updates and patches. And if we access these devices wirelessly, so can a hacker.

The disruption of IoT devices can escalate from a minor incident to a mass scale disruption. Protecting access to control these devices is crucial if we are to ensure that administration accounts for them are locked down. These accounts must be treated as privileged and should have the necessary controls in place to isolate any one device in case of a breach attempt.

Data breaches are rapidly and alarmingly on the rise. IoT opens up even more avenues for this to happen. Typically, it all starts with password breaches to get into privileged accounts and then access the data. Last year, global research indicated that password breaches happen every 30 seconds – a frightening statistic.

Cybersecurity companies will always be advancing in this area to protect all devices on the network; unfortunately there is no failsafe solution. The greatest risk is acknowledged to be the insider threat and with IoT this provides a platform for large-scale automated attacks that can be devastating. Cybersecurity companies provide great advice on the preventative controls and I believe with a combination of tools and appropriate behaviour we can avoid a large number of IoT device breaches.

In implementing IoT devices, the principle of least privileged must be applied as well as security by design. This would mean accounts that access the device and its software will be restricted to specific functions only. This also applies to usage of APIs to reduce distributed denial-of-service (DDoS) attacks.

Logical and physical access has become more advanced than ever, although key issues are not being addressed. A lack of awareness and behaviour shows this. We need to promote the right behaviour in the workforce and educating them regarding cyber threats. In businesses, this usually emanates from the company leadership, but for the general population we need government to drive this strongly. IoT is growing, but unfortunately, we will not be ready for it until we can ensure everyone is playing his or her role and are au fait with the application of basic secure behaviours.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

Augmented security with drones
August 2019, Drone Guards , Editor's Choice, Integrated Solutions
Drone Guards is moving into an untapped market of using drones to secure residential estates and other high-value assets such as mines, farms and commercial properties.

The importance of real security risk assessments
August 2019, Sentinel Risk Management , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Andy Lawler, MD, Sentinel Risk Management, says a security risk assessment is an onerous task, but is not something estates can consider optional or a luxury item anymore.

Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

How far are we really at with artificial intelligence?
August 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Residential Estate (Industry)
Justin Ludik unpacks exactly how far AI has come and what it potentially can do for society and more importantly, surveillance.

Residential security – caveat emptor
August 2019, Stafix , Integrated Solutions, Security Services & Risk Management
When it comes to improving your property’s security, make sure you take all the options into account as you build a layered approach to keeping people safe and assets secured.

The importance of effective perimeter security
August 2019, Elf Rentals - Electronic Security Solutions, Stafix , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Protecting the perimeter is critical for any residential estate; how does one go about making sure your perimeter is as secure as possible?

Ensuring your electric fence is compliant
August 2019, Stafix , Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
A challenge facing both existing and potentially new perimeter electric fence installations is how to economically meet the legal requirements required in the SANS 10222-3:2016 standards document.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

The hidden claws of proof of concept
August 2019 , Editor's Choice, Integrated Solutions
Proof of concept is a proven methodology for testing new technologies, but it isn’t perfect, and it can be more of a hindrance than a help.