Security of IoT: Issues and Solutions
May 24, 2016
Any ISV considering IoT solutions or an enterprise wanting to take advantage of IoT solutions must be acutely aware that security is a fundamental piece of the solution. Not only could a potential exploit hurt product functionality and damage brand reputation, but it could also introduce network vulnerabilities to other connected server systems. Discovering and patching such vulnerabilities can prove time-consuming and resource-intensive, or even worse could open your organization up to malicious threats with a difficult path to recovery. Target’s Black Friday Hack
It all began with a connected HVAC system that promised the ability to remotely monitor energy consumption and temperatures in the store allowing quick problem resolution and adjustments. This seems like a cool solution, which allows for remote monitoring and could have cost reductions for the store. What they did not anticipate is that this connected device could ever penetrate the network in such a way as to compromise their entire payment system.
This is not to say that connected IoT solutions will always cause a threat, but it definitely demonstrates the need to consider security from every angle. Similar to other stories you’ve read about where infotainment systems in cars were hacked and made driving the car wrought with potential issues and serious dangers; the system could have been potentially hacked to cause the stores to be unusually warm and uncomfortable for visitors to shop. This scenario is certainly not life threatening, but annoying and potentially harmful to revenue.
Instead, the lack of security on the network in which this system resided caused a backdoor into their payment system. The HVAC system exposed network vulnerabilities because it was able to talk to the Internet and was wide open in the network. The result, attackers were able to upload card-stealing, malicious software on point-of-sale devices and, over a series of just a few days, collect 40 million debit and credit card accounts. You may be wondering why wasn’t the unusual traffic noticed, analyzed and reported? How was it even able to talk to systems it had no business talking to? As IoT solutions become more prevalent in enterprise environments, there will be some aspects of the solution that an enterprise can control and some that it can’t. The network is one aspect that is within control, and good security solutions are available that will evolve with IoT to keep networks protected.
IoT Is the Next “Wild West” Hacking Frontier
“Right now, the ‘Internet of Things’ is like computer security was in the nineties, when everything was new and no one had any security standards or any way to monitor their devices for security,” one security research analyst recently divulged to research firm GigaOm. This pervasive industry attitude reflects how the ambitious upscaling of IoT capability in response to market demands is not tempered by security concerns.
Hackers like those involved in the Target example illustrate just how critical IoT attack vectors can be. The promise that connected home appliances, medical devices and children’s smart toys should be considered with the risks that hackers could stop someone’s pacemaker remotely or use connected toys to spy on kids.
ISVs face huge liability risks if they do not consider the dangers of hackers exploiting their server applications in the same way. Suddenly, their product becomes an attack vector for hackers to commandeer enterprise-level systems, and the ISV could be facing financial damages.
Some critical vulnerabilities are easy to spot, but others take the knowledge and expertise of industry security leaders to identify. A value-added system integration partner like UNICOM Engineering can bring their product to market in a stable, secure appliance that removes much of the risk of intrusions or exploits. Most importantly, the systems can be integrated fully into their client’s network security protocols, preventing small security oversights from allowing hackers to infiltrate more critical systems.
A System Integrator Like UNICOM Can Provide Crucial IoT Security Capabilities
Learn more about how a system integrator and application deployment partner like UNICOM can help you reduce risk while leveraging revenue-earning potential and accelerating time to market by reading our new white paper: “Plugging into the Internet of Things: How Independent Software Vendors Can Anticipate and Overcome Key IoT Challenges.”
Click on the button below to download your copy today, and take advantage of the market opportunities IoT offers without fear or hesitation.