We live in an age where digitally connected devices have become dominant in many aspects of people’s lives, including smart homes, autonomous cars, digital offices, medicine and the manufacturing industry. As we observed recently, IoT devices do not ship fail-safe, and many expose the end user through built-in vulnerabilities and insecure configuration. Some of those vulnerabilities need to be fixed immediately because they put the end user at great risk. Examples include a car whose brakes and steering wheel can be taken over remotely, or a baby monitor that can be remotely controlled, allowing unauthorised users access to the microphone and camera.
Government legislation and newly emerging industry standardisation are examples of recent initiatives that attempt to force manufacturers to put more effort into securing Internet of Things devices. Enterprises and personal subscribers should also take responsibility for ensuring basic security hygiene is kept, including:
- Identify the vulnerability and risk posture
- Develop remediation plans, i.e. patching
- Enforce network segmentation and other access controls
- Maintain a password policy and avoid using default vendor passwords
- Drive stakeholder accountability to ensure ongoing ownership of IoT security issues
There is no single silver-bullet approach to IoT security; regardless, ensuring that some of the basic building blocks are in place can guarantee that security hygiene is maintained and risk is kept to a minimum. Proactive management of this risk also allows enterprises to work closely with device manufacturers to ensure vulnerabilities are remediated as soon as possible and that manufacturers take further responsibility for ensuring devices are shipped with a secure and risk-free operating environment.