The Internet of Things: Three Key Security Considerations for SMEs

Here's how small and medium enterprises can safeguard their businesses and their customers in the IoT era.
By Ranjit Bhalerao

2. Hackers Will Find Security Vulnerabilities Currently, about 70 percent of all IoT devices are vulnerable to hackers. Most IoT devices use unencrypted network access, which makes them vulnerable to attack. Furthermore, users often neglect to change the default access password that the manufacturer assigned to each device, which makes sensitive information easier to compromise, compared to data protected by user-set passwords. The Web interface used to connect these devices to a network may also have multiple security holes, such as cross-site scripting and weak credentials.

Another disturbing fact is that IoT devices often employ mediocre authorization, which fails to vet passwords for their strength (the type and number of characters used) and length. Managing vulnerabilities will pose a major challenge for IT administrators, because they will need to devise a system that can figure out how a vulnerability can be either patched easily or mitigated at the network level. Then they need to learn how to prioritize these processes.

What's needed is a simple yet robust IT security solution that will streamline the way in which SMEs handle these tasks. At the same time, since many SMEs lack the in-house resources or expertise to effectively carry out IT security on a day-to-day basis, they should consider contracting with IT service providers.

3. Identifying the Right Defense for the Right Device Will Be Essential Security threats in an IoT environment are delivered through multiple attack surfaces: vulnerable devices and components that are trusted in a local network, as well as the Internet connection to that network.

The local network is the most important element at the intersection of OT and IT that can deliver a potent attack from the point of entry to the intended targets within an organization. Hence, the best strategy is to identify all entities that have been granted access to the local network, and limit the potential damage, should these entities become compromised.

As the technology matures, so will the challenges of identifying the proper security measure for each device type and application. To meet all challenges, SMEs need an effective risk-assessment methodology. Risk management begins with a well-thought-out IT security strategy. The selection of a robust security solution should be one of your key initiatives as you begin your IoT journey.

IoT Alternatives
A majority of SMEs currently lack the security infrastructure necessary to safeguard their operations and data from attackers. While the IoT offers the lucrative prospect of profit and productivity, consider this: How will businesses be able to defeat the coming wave of cyber attacks when they are not even prepared for today's IT threats?

It is common knowledge that where the most popular technology goes, cybercriminals follow—and to be effective, hackers need to succeed only once. With an IoT explosion on the horizon, the best advice for SMEs is to start considering your IoT security options now, keeping in mind the potential pitfalls. A comprehensive, well-thought-out approach for IT and OT security, as well as business and customer data protection, cannot be an afterthought.

Ranjit Bhalerao, MSCS, MBA, is responsible for IoT initiatives at Quick Heal Technologies, a global provider of IT security solutions. He has nearly 20 years of senior-level technology industry experience, and his work in the IoT market spans more than three years. Previously, Bhalerao held engineering and product-management positions at Cisco, Airvana and Nevis Networks.

JOIN THE CONVERSATION ON TWITTER
Loading
ASK THE EXPERTS
Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations