7 tips to secure against IoT cyberthreats

Many insecure connected devices have found their ways into businesses

by Charles Cooper

For years, experts have warned about the danger of Internet of Things (IoT) devices, often built by companies on the cheap with little or no interest in building security into their products. Many of these insecure devices have found their ways into businesses, interacting and exchanging cloud-based information with other parts of the corporate infrastructure.

With the emergence of powerful IoT malware such as Mirai, the bad news predictions are being borne out. The reality is that any connected device provides an attack vector for adversaries.

Still, the prospect of malware-infected devices repurposed as a zombie army acting at the behest of cyberattackers hasn’t slowed IoT adoption. Just the opposite is true, in fact.

Companies in sectors such as manufacturing, transportation, healthcare and utilities continue to deploy IoT devices in ever-greater numbers, and researchers expect billions of devices will be in use around the world by the end of this decade.

Your plan of attack

When it comes to IoT security, there may be no silver bullet. But that doesn’t mean you’re left defenseless.

As noted in a recent AT&T Cybersecurity Insights report, "The CEO's Guide to Securing the Internet of Things," companies can mitigate the threats by adopting a proactive approach that builds in security from the start. The goal should be to lay down a strategy that aligns IoT security with the organization’s existing cybersecurity policies and systems.

Here are seven blocking and tackling tips your cybersecurity team should consider implementing.    

  1. Device assessment: Order a device assessment to track where IoT devices are being deployed and how they operate with the rest of the infrastructure.   
  2. Vulnerabilities: Identify any security vulnerabilities so that the IT team can swing into action to make any necessary fixes.   
  3. Credentials: Change any standard default log-ins and passwords  Leaving default credentials in place will only invite trouble as botnets frequently scan for IoT systems that use factory-default or hard-coded usernames and passwords.   
  4. Updates: Keep all your devices up to date with all the latest security and firmware updates.   
  5. Security prioritization: Security ought to be treated as a priority as high as functionality. If your organization intends to develop its own IoT apps, make sure that security testing is front-and-center, not an afterthought.   
  6. Encrypting: Adopt an end-to-end, data-centric security approach by encrypting all communications, commands and values transmitted from any IoT device to the infrastructure.   
  7. Telecommuters: Telecommuting employees should only connect through secure Wi-Fi, and not use public Wi-Fi at the corner coffee shop or airport lounge. Spell out specific policies and controls telecommuters must abide by.

The very connectedness of the IoT leaves it open to security and safety vulnerabilities. But by implementing a tight security policy for your growing arsenal of devices, your organization will go a long way to guarding against IoT-powered zombie attacks.

Visit the AT&T Cybersecurity page to learn more about protecting your business.