IoT needs access management

October 2018 Editor's Choice, IT infrastructure, Security Services & Risk Management

IoT is a digital enabler that enhances business value through growth and promotes a better customer experience in the commercial world, but also generally has a positive impact on daily living.

Sagan Pillay.
Sagan Pillay.

With any Internet device, there will always be an external threat. The threat of a device being hacked to gain network access and then pivot to another device until critical information is obtained. If your IoT devices are in the workplace, you may have issues that are different.

Devices such as printers that retain copies of scanned documents and, in some instances, have domain credentials, can become a significant risk. The more devices that are linked the greater the possible spread of the breach. There are many different use cases we can review, from light bulbs to air conditioners to electric blinds – all these devices have an operating system and require updates and patches. And if we access these devices wirelessly, so can a hacker.

The disruption of IoT devices can escalate from a minor incident to a mass scale disruption. Protecting access to control these devices is crucial if we are to ensure that administration accounts for them are locked down. These accounts must be treated as privileged and should have the necessary controls in place to isolate any one device in case of a breach attempt.

Data breaches are rapidly and alarmingly on the rise. IoT opens up even more avenues for this to happen. Typically, it all starts with password breaches to get into privileged accounts and then access the data. Last year, global research indicated that password breaches happen every 30 seconds – a frightening statistic.

Cybersecurity companies will always be advancing in this area to protect all devices on the network; unfortunately there is no failsafe solution. The greatest risk is acknowledged to be the insider threat and with IoT this provides a platform for large-scale automated attacks that can be devastating. Cybersecurity companies provide great advice on the preventative controls and I believe with a combination of tools and appropriate behaviour we can avoid a large number of IoT device breaches.

In implementing IoT devices, the principle of least privileged must be applied as well as security by design. This would mean accounts that access the device and its software will be restricted to specific functions only. This also applies to usage of APIs to reduce distributed denial-of-service (DDoS) attacks.

Logical and physical access has become more advanced than ever, although key issues are not being addressed. A lack of awareness and behaviour shows this. We need to promote the right behaviour in the workforce and educating them regarding cyber threats. In businesses, this usually emanates from the company leadership, but for the general population we need government to drive this strongly. IoT is growing, but unfortunately, we will not be ready for it until we can ensure everyone is playing his or her role and are au fait with the application of basic secure behaviours.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Key criteria in the selection of CCTV control room operators
Issue 5 2020, Leaderware , Editor's Choice
Some people are better at aspects of the job of CCTV operator than others, and some companies put in a lot more effort in choosing their operators than others.

Leaders in risk and security: As long as there are people, there will be risk
Issue 5 2020, iFacts, Technews Publishing , Editor's Choice
Jenny Reid is a self-made success, focusing on people, the risks they create and the potential they have.

XProtect available on AWS
Issue 5 2020, Milestone Systems, Technews Publishing , Editor's Choice
Milestone recently announced the availability of XProtect on Amazon Web Services. Hi-Tech Security Solutions asked Keven Marier for more information.

From data centre to edge, from one source
Issue 5 2020 , Editor's Choice
First Distribution (FD) is better known in South Africa as an ICT distributor with an enterprise focus. Its offerings in this regard range from client solutions through to hosted solutions, data centre ...

Paxton launches access and video management
Issue 5 2020, Paxton Access , Editor's Choice
Paxton’s next-generation access control and video management system, Paxton10, officially launched in South Africa on 2 July 2020. Paxton10 is the next step in complete security solutions and combines ...

The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

The COVID test for estate business continuity planning
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Many estates were caught unaware when the COVID-19 pandemic and subsequent lockdown hit. Helderberg Village was ready for the challenge.

Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Local or remote management
Residential Estate Security Handbook 2020, Xone Integrated Security, Vox Telecom, Fidelity ADT , Editor's Choice
Hi-Tech Security Solutions asked three companies well versed in offering control room services – either remote, local, or both – what’s happening in the estate monitoring and/or management market.

Residential Estate Security Conference 2020
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Back in the old days when conferences that people attended in a single location were a thing, Hi-Tech Security Solutions held its Residential Estate Security Conference 2020 at the Durban Country Club.