Nov 29, 2021 Ed. Note: This article was previously posted at Security Sales & Integration.
Just as the “birds and bees” talk can be difficult, so can talking to your customers about the Internet of Things (IoT). If you are suppling and installing the devices, you know to use protection. We as an industry constantly talk about it and yet we still feel insecure about it. Are your customers thinking about it as much as we do? Here’s how to have that conversation.
We all love to save money and do it yourself when working on anything around the home or office. This can be a very great cost-saving and fulfilling task. But what task should you not take on? These days you have many playing armchair lawyer, doctor and even engineer. Anyone who went to years of school for these professions can tell you one thingL they still were not ready to do the job on day one. The years just prepared them for day one.
When it comes to IT, computers and electronics, we are a world away from the VCR blinking 12:00 and not taping your favourite show (badly). Setting up your devices has become easier, and everyone is used to upgrading quicker and quicker. Would you trust your brakes to an amateur? Would you fly with someone with only a handful of hours behind the stick? Would you want a chef preforming minor surgery just because they know how to use a knife? You would not put your physical life in the hands of the untrained, why do it with your digital footprint?
The Internet has been a great tool. We have smart things from phones, computers and tablets to juicers, washing machines and thermostats. You can even now buy a smart device robot to follow you around. But here is the thing: “things” on the Internet are not always nice. Somewhere in the world—not in some dark basement or warehouse, but in a standard-looking office space—a hacker is toiling away like any other worker to exploit week spots for their gain.
Sure, Microsoft and Apple have you covered. Sure, your IT department locked everything down. That is until that cheap, smart device you got off the Internet is set up on the guest network. Once you let them in, where are they stopped? “Solid IT security has always been based in standards. Lack of uniformed standards with IoT makes it hard to keep up,” says Joe Dorio, a CISSP-certified network engineer at Engineered Security. “As IoT increases and widens the threat paths, cybercriminals are raising the stakes.”
A key to any engineering design is to make it simple. Over-engineering hurts many projects. Unfortunately, when it comes to cybersecurity, nothing is complicated enough. The best defense to not being hacked is not having a device communicate with anything inside or out. This includes people. Social hacking is the best tool in the arsenal, and IoT devices are Trojan horses.
“Most IoT devices have fewer processing and storage resources,” Dorio explains, “making it harder to employ security to protect them.” Simple-to-use devices are great, but simple-to-setup can be dangerous. Auto-detecting devices can always be auto-rerouted. A great online video can be a great way to leave the backdoor open. A random sideload can be a death sentence.
Cybersecurity is so much more than protecting yourself. It is protecting society. Most of the worst cybercrimes have happened to larger targets, by finding soft, smaller targets to get to them. Larger companies in retail, supply chain, digital storefronts, Content-as-a-Service, SaaS and many others are being successfully attacked due to cybersecurity holes in their vendors’ systems.
Credit cards, social security numbers, passwords and other data are ripe for the taking, or the attacker can just lock everything down and hold it for ransom. The Wayne family is safer walking down a dark alley after a show then you are connecting to the free Wi-Fi in a café. DDoS attacks are now coming from cameras and other equipment on a network. Virtual networks are great, but physical, separate networks are better. Being connected to the Internet and getting updates is convenient, but no outside-world connections are even better.
Having access to your data is wonderful, but it being encased in concrete at the bottom of the ocean—well, it’s not better, but it is safer. Constantly keeping your end users informed and educated on all these topics and more will help them understand how important it is to stay protected, and that you are their key resources in doing so.
Source: RFID Journal. Author: Ken Whelan is the COO of Engineered Security.