https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Thinkstock

Cybersecurity

Best practices for IoT security

Securing IoT deployments requires discipline and strategy. Here's an overview.
  • Written by Sudarshan Krishnamurthi
  • 16th November 2017

While the IoT presents many opportunities, its challenge lies in how to secure connected devices, networks and the data they handle. There is a risk of IoT devices acting as “double agents.” On one hand, they can bring tremendous value to an organization, but they can also be enlisted to help stage attacks. With over five billion connected devices in the world today, according to Gartner, and more than 20.4 billion anticipated by 2020, the potential threat looms large. The rapid and wide-scale adoption of connected sensors and IoT devices in manufacturing, utility, finance and telecommunications industries means that the global economy’s critical infrastructure is increasingly vulnerable.

For instance, in October 2016, hackers leveraged an army of insecure IoT devices, including toasters, to deploy a denial-of-service (DoS) attack using Mirai malware on an internet infrastructure company, infiltrating tens of millions of connected devices. The company targeted said it commonly sees distributed denial-of-service (DDoS) attacks, but that the use of internet-enabled devices is now opening the door to a whole new scale of attack.

One of the vulnerabilities underpinning this attack is the fact that many IoT endpoint manufacturers simply have not built security into their products. Controllers that operate in nearly every industrial environment lack basic security protections like authentication and encryption. Hackers just need access to the controllers to change configuration, logic and state.

Also, IoT devices typically have vulnerabilities that are easily exploited, like default passwords that never get changed, remote access backdoors meant for use by field service technicians and weak authentication. Some device manufacturers employ trusted boot capabilities, encrypting network traffic or using Secure Shell (SSH). But if they and the organizations that buy them don’t implement these protections correctly, such efforts can be ineffective.

Basics to securing the IoT

IoT security can be optimized with a disciplined process that involves equipment selection, regular maintenance and cross-functional collaboration. A trained and trusted advisor with specific expertise in implementing IoT and security protocols can guide organizations through the key steps to securing the IoT, which include:

  • Selecting equipment and software with built-in security protections.
  • Regularly changing default usernames and passwords on IoT devices.
  • Updating IoT devices with the latest operating systems and patches.
  • Implementing data encryption, network authentication and secure private networks.

And, since both the information technology (IT) and operational technology (OT) parts of an organization are affected by IoT, engineers from both of those worlds need to collaborate in setting up security policies and procedures for their applications, devices and networks.

The need for new skills

It’s important for IT and OT teams to collaborate. It’s also important to build their existing skill sets. Creating, securing and supporting IoT implementations require new skill sets as well as a strategy to refresh those skills on a regular basis. Both IT and OT need digital expertise. So, training staff members to address IoT is essential for successful digital transformation.

For instance, the converged architecture involved in IP-connected factories introduces a need for new and evolving skills that most current IT or OT professionals don’t have. As a result, individuals from each discipline need to learn the technology from the other. Additionally, soft skills in areas such as communication, collaboration and project management enable teams to work together in a more productive and integrated way.

[IoT Data & AI Summit demonstrates how the next generation of IoT and AI technologies will converge to unlock the intelligence of things. Get your ticket now.]

Learning about industrial networking and application protocols will advance IT engineers’ skillsets in the digital era. Understanding IoT security technologies and being able to implement the most relevant ones for a particular organization will give IT professionals a strategic advantage.

OT engineers must shift away from the hierarchical Purdue model for enterprise control, in which information flows up from the production floor to the enterprise-level systems. Instead, they must move to a flattened IP-connected world, in which information flows through a single, physical location.

Preparing for tomorrow

As connected devices and applications proliferate, the demand for experts in security and engineering will only increase. Individuals and organizations can prepare for this exponential demand by first becoming aware of their own proficiencies in IoT and security. Learning basic principles of IoT endpoint protection is critical to successful digital transformation. Next, find training that’s needed to fill skills gaps. Certifications are highly valuable, as they offer proof of what an individual knows and how he or she can benefit the organization’s digital transformation goals. By assessing skills gaps and continually upskilling, organizations and individuals position themselves for success.

Tags: Article Security How-to

Related


  • IoT security
    Protecting Your Network Against Ripple20 Vulnerabilities
    Early this year, Ripple20 wrought havoc on numerous IoT devices, given vulnerable third-party code. Here are ways to prevent your organization from the fallout.
  • IoT security
    IoT Device Security: Risk Assessment, Hygiene Are Key
    As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • Addressing Heightened IoT Risk in Health Care
    As digital health technologies proliferate in 2020, there is newfound hope for monitoring patients remotely and triaging patient care. But there is also heightened IoT security risk.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT Security Best Practices for Industry and Enterprise
  • Tactics for Successfully Selling IoT Technologies
  • Securing IoT at the Edge Is Key to Safe IoT Operations
  • Building a Foundation for AI in Cybersecurity

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices

27th January 2021

IoTConnect and How to Get Started

27th January 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

#IoTpentesting is critical as #IoTdevices proliferate and #edgecomputing becomes the norm. dlvr.it/RrWr0Y https://t.co/LsMH1VJJFk

28th January 2021
IoTWorldToday, IoTWorldSeries

Zero Trust Manufacturing: Navigating Complex Supply Chains to Build Trusted IoT Devices dlvr.it/RrTDP4 https://t.co/fuH0GrHJrX

27th January 2021
IoTWorldToday, IoTWorldSeries

PKI: The Solution for Designing Secure IoT Devices dlvr.it/RrTDNF https://t.co/KBWcsksAQi

27th January 2021
IoTWorldToday, IoTWorldSeries

Five Guiding Tenets for IoT Security dlvr.it/RrTDGS https://t.co/Ss17Vn4sFw

27th January 2021
IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD Silver Sponsor @ONETech_AI! 💡 Learn more about sponsoring Embedded IoT World here:… twitter.com/i/web/status/1…

27th January 2021
IoTWorldToday, IoTWorldSeries

IoTConnect and How to Get Started dlvr.it/RrT1gl https://t.co/6Vci1hvOV2

27th January 2021
IoTWorldToday, IoTWorldSeries

RT @IoTWorldToday: #IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing. https://t.co/S…

27th January 2021
IoTWorldToday, IoTWorldSeries

#IoTsecuritytrends in 2021 will feature new threats given #remotework, #digitalhealth and #edgecomputing.… twitter.com/i/web/status/1…

25th January 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X