IoT needs access management
October 2018, This Week's Editor's Pick, IT infrastructure, Security Services & Risk Management
IoT is a digital enabler that enhances business value through growth and promotes a better customer experience in the commercial world, but also generally has a positive impact on daily living.  Sagan Pillay.
With any Internet device, there will always be an external threat. The threat of a device being hacked to gain network access and then pivot to another device until critical information is obtained. If your IoT devices are in the workplace, you may have issues that are different.
Devices such as printers that retain copies of scanned documents and, in some instances, have domain credentials, can become a significant risk. The more devices that are linked the greater the possible spread of the breach. There are many different use cases we can review, from light bulbs to air conditioners to electric blinds – all these devices have an operating system and require updates and patches. And if we access these devices wirelessly, so can a hacker.
The disruption of IoT devices can escalate from a minor incident to a mass scale disruption. Protecting access to control these devices is crucial if we are to ensure that administration accounts for them are locked down. These accounts must be treated as privileged and should have the necessary controls in place to isolate any one device in case of a breach attempt.
Data breaches are rapidly and alarmingly on the rise. IoT opens up even more avenues for this to happen. Typically, it all starts with password breaches to get into privileged accounts and then access the data. Last year, global research indicated that password breaches happen every 30 seconds – a frightening statistic.
Cybersecurity companies will always be advancing in this area to protect all devices on the network; unfortunately there is no failsafe solution. The greatest risk is acknowledged to be the insider threat and with IoT this provides a platform for large-scale automated attacks that can be devastating. Cybersecurity companies provide great advice on the preventative controls and I believe with a combination of tools and appropriate behaviour we can avoid a large number of IoT device breaches.
In implementing IoT devices, the principle of least privileged must be applied as well as security by design. This would mean accounts that access the device and its software will be restricted to specific functions only. This also applies to usage of APIs to reduce distributed denial-of-service (DDoS) attacks.
Logical and physical access has become more advanced than ever, although key issues are not being addressed. A lack of awareness and behaviour shows this. We need to promote the right behaviour in the workforce and educating them regarding cyber threats. In businesses, this usually emanates from the company leadership, but for the general population we need government to drive this strongly. IoT is growing, but unfortunately, we will not be ready for it until we can ensure everyone is playing his or her role and are au fait with the application of basic secure behaviours.
|
| Credit(s) |
|
|
|
|
|
|
Further reading:
- Digital banking crime statistics
October 2018, This Week's Editor's Pick, News
The South African Banking Risk Information Centre (SABRIC) has released its inaugural digital banking crime statistics.
- Breaking par for security at Woodhill
October 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management, Residential Estate (Industry)
Xone Integrated Security was selected to provide a full security service to the luxurious Woodhill residential estate
- Keeping guarding personnel on mines safe
October 2018, Betatrac Telematic Solutions, Technews Publishing, Instacom, Active Track, Mining (Industry), Security Services & Risk Management, Products
They patrol your property in the dead of the night, often risking life and limb, but what can mining companies do to offer their security guards some safety while fulfilling their dangerous duties?
- A platform for enabling IoT solutions
October 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
Digital Twin is a South African company that has developed a hardware, software and communication platform to enable companies to harness the Internet of Things (IoT) for their own applications.
- Multiple cameras, one licence
October 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Hi-Tech Security Solutions asks the industry what the benefits of multi-sensor cameras are and where in the market they are finding traction.
- Thermals with analytics are a winning combination
October 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Thermal cameras are a must-have in many security installations, and performance improves when enhanced with video analytics.
- Basic cyber hygiene practices
October 2018, Cyber Security, IT infrastructure
When on the job at a corporate office, a healthcare organisation, or an academic institution or government agency, or even when you are working from a local coffee shop, restaurant, or home office, your organisation’s online safety and security is a responsibility shared by all.
- Securing edge devices and the data they contain
October 2018, AVeS Cyber Security, This Week's Editor's Pick, Cyber Security, IT infrastructure
Charl Ueckermann looks at some best practices to ensure edge devices are not your biggest risk devices in a hyper-connected, perimeter-less world.
- Wise choices decrease fire risks
October 2018, Spero Sensors & Instruments, This Week's Editor's Pick, Fire & Safety
Fire safety at the workplace is a topic that is easily neglected and many businesses do not devote enough attention to it.
- CyberGym launches South African arena
October 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, News, Training & Education
Wolfpack recently introduced a new cybersecurity training service to South Africa. CyberGym is an Israeli company that specialises in real-life cyber training, teaching students with real world simulations.
- Cam Era launches security franchise
October 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, News
New security franchise available in South Africa based on visual verification technology. Franchisor says no technical skills required.
- More efficient building management
October 2018, Johnson Controls, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management, Products
Johnson Controls Enterprise Management platform gives building owners and operators powerful new tools to showcase energy conservation.
|
|
