Cybersecurity awareness and IoT security

Print Friendly, PDF & Email

October is recognized as CyberSecurity Awareness Month (NCSAM) in the US and CyberSecurity Month (ECSM) in the EU.  These are collaborative efforts between governments and industries to raise awareness about various cybersecurity issues and to educate members of the public so that they can do more to keep themselves safe online.

In the United States, there are several themes to NCSAM, and normally each week in October will focus on one specific theme.  This year they have organized it a little differently, focusing on three pillars of security:  Own IT, Secure IT, Protect IT.

They have broken these pillars into 13 areas of concern, and today we're going to dig into just one of them:  The Internet of Things (pdf).

The Internet of Things, IoT, refers to the objects and devices that are connected to the Internet or to an Internet-connected network.  These “things” include cable modems, routers, security cameras, smart TVs, home assistants like Amazon Echo, doorbells like Google Nest, and smart refrigerators like this that can send alerts to your mobile phone.  Even cars that send diagnostic information to your email or phone are part of the Internet of Things.

Regardless of how many smart devices you use in your home, the Internet of Things is thriving and growing all around you.  Governments are turning to “smart city” devices to help with infrastructure management, public security, utility consumption, traffic flows, and emergency response and communications.  Rural areas are also using Internet-connected devices to monitor things like utilities and local weather.  There is also widespread use of IoT in business and industry: cameras and alarms protect sensitive areas, SCADA systems manage industrial, infrastructure, and facility processes, and GPS systems identify routes and track deliveries.

So what's the big deal about all of these “things”?  There are a handful of problems:

It's possible that one of your devices is compromised and participated in an attack, and you might never know.

So what can you do to make sure that your devices are as secure as possible?  The easiest and most important step is to change the password on the device as soon as you have it configured for use.  Default passwords are usually publicly available, either through user manuals and tech support sites, or mega-lists compiled for use by System Administrators who regularly work on these devices.   If an attacker comes across your device and you're still using the default password, there's very little left to protect you from an attack.

Since many IoT devices are controlled by mobile apps, be sure to monitor these apps to make sure they are not abusing permissions on your phone or tablet.  Make sure that you are only using verified apps to control your devices.

Keep your user manual or make sure you know how to check for updates for your device.  If the device cannot be updated, consider replacing it with something that is properly supported by the manufacturer.

A final piece of advice is to make sure that your network is secure.  Follow best practices for passwords, use endpoint protection, enable the firewall on your router, and consider segmenting your network in such a way that separates IoT devices from anything that contains sensitive information or applications with special privileges.  For example, you may want to maintain separation between security cameras and devices like Chromecast streaming media player.

Security for IoT devices used in business and government can be more difficult and more important because of the nature of the devices they use.  These can be anything from fuel pumps to payment systems to licensing kiosks to cash machines.  Basic security rules still apply, but there are also special firewalls that will monitor and protect these devices at all times.   If you are in the position of managing critical devices like this, CyberSecurity Awareness Month is a good time to evaluate the security on each device and make sure your network is fully protected.

Visit the National CyberSecurity Awareness Month website to learn more about the three pillars of security and the Internet of Things (pdf).

The European CyberSecurity Month website has more information on the efforts to raise awareness in the EU.

For a cool background on IoT firewalls, see this blog series on our role in creating the first IoT firewall.  For information on Barracuda Internet of Things security, visit our website here.

 

 

 

INTERNATIONAL  CONTEXT 

This project is in line with the Awareness Raising workstream of the EU-U.S. Working Group on Cyber security and Cyber crime established in the context of the EU-U.S. Summit of 20 November 2010 held in Lisbon.

To read more on the National Cyber Security Awareness Month and the National Cybersecurity Awareness Campaign –Stop.Think. Connect. – organised in the United States and the National Cyber Security Awareness Week organised in Australia, please click on the above links.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top
Tweet
Share
Share