The largest growth of devices connected to the Internet are not computers, but devices designed to perform a specific function. These devices include cameras, smart phones, light bulbs, Amazon Echos, garage door openers, TVs, automobiles, sound systems, programmable logic controllers (PLCs), HVAC systems, elevators, security systems, ovens, refrigerators, thermostats, water heaters, heart monitoring systems and more. These devices are part of the Internet of Things (IoT) that is flooding the Internet with new devices. This explosion of new devices is creating massive new security concerns.
All of the IoT devices share a common foundation - modified versions of the Linux operating system. The popularity of Linux is because most versions of Linux are free with access to the source code. The operating systems are then highly modified to adapt to nearly any device. While this flexibility has caused an explosion of devices that we can not monitor and manage over the Internet, it also possesses security problems since at their core, every IoT device is a Linux computer with usernames, passwords and vulnerabilities.
The New Jersey Cyber Security and Communications Integration Cell (NJCCIC) provides security focused companies like DeckerWright Corporation weekly and emergency updates on the state of cyber threats. The reporting of cyber threats on IoT devices has grown exponentially over the last year. Why is that? First, there has been an explosion of new IoT devices, the more attack surfaces. Second, IoT manufacturers are not typically well versed in cyber security . As a result, IoT devices are often released with little regard for security after the basic device functions are proven to work. Third, most IoT devices are never upgraded with new "firmware". As a manufacturers have become more tuned into the security risks associated with their products, they have been issuing "firmware" updates to patch security holes. When was the last time anyone upgraded the firmware in their network camera? Fourth, as cyber criminals begin to notice the vulnerability of IoT devices, they are developing methods for identifying IoT devices and are publishing successful exploits on the dark web. We are only seeing the first generation of exploits targeting IoT devices. Expect the next generation to be much more targeted and ferocious.
Unfortunately, anti-virus (AV) software companies don't have any solutions for protecting IoT devices. Even with a common Linux operating system base, the Linux systems are so highly customized that AV software companies have no way to write software to protect them.
Here are some ways to protect your IoT devices from being compromised by cyber criminals.
Our industry is scrambling to come up with ways to monitor and protect IoT devices on networks. The best defense we have today are Security Information and Event Management (SIEM) systems which can quickly identify suspicious network activity and alert cyber security experts. Since the devices will never be smart enough to defend themselves, we must rely on perimeter technology, advanced monitoring and proper device setup to protect the ever growing population of IoT devices.
Click HERE for more information.