Cloud Backup
 

We`re just sending through your details

Please give us a few moments whilst we get your account ready.

OKAY

Security of IoT

Security of IoT

posted in Cyber-Security ● 26 Jul 2018

The Internet has changed the way businesses can interact with customers, from social media to online forums and importantly online sales platforms. Customers are increasingly impatient, wanting an interaction to be instantaneous and wanting the way they transact business to work around their lifestyle, never forcing them to go out of their way. The Internet of Things (IoT), is an exciting innovation for those keen to further this experiential trend; IoT will shorten the gap between businesses and their customers and connect users via new mediums and ‘devices’ such as cars, fridges and other everyday items that can be found around the house or office.

This begs the question of how security can be ensured. There has already been evidence of self-driving smart cars being hacked, which in a real-world situation could be to deadly effect. IoT devices need internet to function, that’s a given, so is the real issue around how to secure a network and ensure that it cannot be accessed by an unauthorised individual? Maybe so, however, for organisations of all sizes IoT can mean something slightly different; network connected devices such as printers, CCTV, webcams and Wi-Fi routers represent the IoT landscape as it currently stands for businesses and in every-day office life there seems nothing threatening about this.

Hack Attacks

IoT has built a bad name for itself when it comes to security and has become known for poor levels and regular hacks. Hackers have quickly worked out how to turn connected devices into botnets that can be used to launch large scale attacks on other organisations and networks, often without knowledge of the IoT device owner. In 2016, hackers were able to turn over 150,000 IoT devices into botnets and initiate an attack with global repercussions. The problem stemmed from poor credential management; the Mirai strain of malware used, took advantage of default passwords and account settings and with relative ease was able access the devices.

Cyber-criminals can operate for different purposes, often financial gain as is the case with many Ransomware attacks, but some of these can be more disruptive and not focus on extorting money from those affected. As reported in Verizon’s Data Breach Digest 2017, one university found themselves a victim of an attack after hackers were able to turn their own IoT devices against them. Firewall analysis showed that over 5,000 devices began making hundreds of DNS look-ups, searching seafood restaurants of all things, in order to significantly slow down the network with the aim to crash the network completely.

Protecting IoT devices

As with any cyber-crime or attack, it is very difficult to predict when your network may be under threat and it can be very difficult to stop all kinds of attack. Limiting the possible effect of any attack should be a priority for all organisation as there are often steps that can be easily taken internally to mitigate risks and effects. With IoT devices the solution lies in the way they are set up and administered; hosting IoT devices on a separate network to core business or organisational systems will begin to mitigate the damage that can be done.

Secure credential management is best practice across all aspects of business, many organisations will have staff update passwords regularly and ensure that ‘password1’ is not being used. For IoT devices this is often forgotten but it is most important aspect of securing devices. The first stage of many cyber-attacks, IoT based or otherwise, is acquiring passwords. If the password and username is ‘admin’ or some other default this is no hard task for hackers.

Network monitoring tools can also be implemented to help assure the protection of your office devices. Whilst this may not stop an attack it may pick one up, and flag up any vulnerabilities within systems allowing network managers to patch and prevent future attacks.

How third-party backup for OneNote and Class Notebooks avoids falling into non-compliance trap

If you use OneNote and Class Notebooks regularly, the prospect of waking up one day and finding that your notes have gone, is the stuff of nightmares.

Continue reading

5 ways to add real value to customers’ digital transformation initiatives by providing Kubernetes backup

Here we outline the five key elements CSPs and Azure consultancies need from a Kubernetes backup solution to add real value to customers’ digital transformation initiatives.

Continue reading

Microsoft 365 Security – An overview of best practices

The rise in home working, increase in laptops and wide-scale adoption of OneDrive, SharePoint , and OneNote has only served to intensify issues around data security and access.

Continue reading