Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

The Internet of Things: A Force Multiplier for Cyber-Risk

Unprotected IoT devices represent a grave threat. Here's how you can make sure your company is not at risk.
By Tom Maher

It's time for a reality check: it is almost certain that any complex system of hardware, firmware, software and distributed applications have bugs, which represent vulnerabilities and could be exploited. Even when there are regulatory processes and compliances mandated to mitigate the risks, experience tells us it's not possible to eliminate such risks. The IoT represents a class of system that's inherently going to have the potential for vulnerabilities to be exploited.

What makes the current state of IoT security particularly challenging is that the owners of many of the insecure devices have no plans to refresh or replace the devices until they wear out mechanically. That could be decades! So, like it or not, we'll have to manage the problem of enslaved devices being exploited by script kiddies, cyber-terrorists and cyber-criminals for a very long time.

Devices, which have not been designed from the ground up to be secure, now and in the future through secure software updates, shouldn't be on the public Internet. That leaves a difficult problem, because there are already millions of devices out there and they are currently insecure or will be in the future.

Addressing IoT Security Risks
If you are a business, and you have devices in the field, which are vulnerable, what can you do to address this issue?

Start by identifying all your devices and put in place processes to maintain an inventory your business can trust. For each device, establish the value it is adding to your business and first consider decommissioning it. For those devices that remain, have you followed the vendor's advice in terms of network security? Determine how old the software is, and whether the device is running a version the vendor recommends. Can you upgrade or replace old or insecure devices? This will immediately help you determine which devices are supported by vendors that, from a security perspective, you can trust.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations