Business and Technology Insights

IoT: Assessing and Addressing Security Challenges

 
March 7, 2018

When digital networks are vulnerable, they are exposed to spyware, malware, and hackers who are looking to steal data and disrupt operations. And while Internet of Things (IoT) technologies give businesses unprecedented opportunities to improve the ways they support their products, they also create unprecedented opportunities for those products and systems to be corrupted.

Every IoT technology that logs into a company’s computer network is a potential security risk. Some even pose a significant threat to an organization.

To protect your network against the security risks of connected devices and sensors, we have found that eight moves can go a long way:

  1. Appointing a centralized team: Task the team with assessing the vulnerabilities of your company’s IoT devices and your network. Make the team accountable for ongoing compliance with risk management policies. The group should include the Chief Information Security Officer (CISO), to bridge the differences between your company’s IT and operational technology (OT) divisions.
  2. Locating your critical IoT assets: Companies often fail to realize the number of devices and sensors they tap into daily for information. They need to catalogue these assets and determine which ones pose a significant risk. Then they must prioritize how they will deal with IoT security challenges.
  3. Identifying software vulnerabilities: IoT devices are one part hardware and one part software, but the latter is often more susceptible to hacks and malware. By cataloguing each device, you can more easily protect it against hacks through over-the-air (OTA) updates or patches.
  4. Discovering devices accessing the network: Use technology to automate the discovery of new devices joining your network and assess their vulnerabilities. Send software updates or patches to devices that are susceptible to attacks. Remember to include isolated networks at industrial sites in your review to comprehensively secure your IoT infrastructure.
  5. Watching out for emerging threats: Continually monitor all connected devices for new threats such as distributed denial of service (DDoS) attacks. These attacks usually result from an error in software development or vulnerabilities in open source software.
  6. Inspecting new devices before granting access: To leverage the IoT, companies must add new devices to their network – for example, new products rolling off the assembly line with embedded sensors and wireless communications devices. However, to stay secure, organizations need a process for on-boarding and securing those new devices.
  7. Demanding best practices from business partners: Your corporate networks aren’t just accessed by members of your staff but also by external parties. To ensure your network stays secure, enforce strict compliance standards and require that business partners comply with them.
  8. Keeping backups ready: Your network’s security plan should be part of your broader corporate risk management program. Ensure you have backups of your systems and can restore data as soon as possible.

These eight steps will help you protect your organization against internal and external IoT-related cyber threats. Leveraging the IoT has become critical for many organizations, but so has keeping the corporate network and every device attached to it safe. Companies that wait too long to secure their IT infrastructure can be left exposed to threats that cause reputational and financial damage.

To learn more about this and find smart ways to secure your IoT infrastructure, read my article Raising Your IoT Security Game in this edition of our management journal, Perspectives.

Satish Thiagarajan is the Global Head, Cyber Security Practice at TCS. Satish has over 24 years of experience across industries and IT involving consulting, business analysis, process re-engineering, and concurrent multi-project delivery management in Application support, Infrastructure management, Enterprise Security and Testing. At TCS he is the Head Enterprise Security and Risk Management, Head Technology Office and Head of Testing Centers of Excellence. Satish has handled multiple roles, including Business Analyst, Application Support Manager, Relationship Manager, IS Practice Director and Global Practice Head, and has worked across domains such as Application development and Maintenance (ADM), Infrastructure services (IT IS) and Testing (Assurance Service).