Remember all the experts saying the Internet of Things would bring explosive growth to the world of connected devices? Well, not only were they right, but that explosive growth is happening right now, bringing a host of both innovative devices and potential new security headaches.
How quickly is the world adding devices to the Internet? So quickly that even leading industry observers aren’t totally sure what the number is. In the last year, Cisco estimated 2020 would see 27 billion devices added, while Security Today estimated it would be 31 billion new devices. Either way, that’s almost 1000 new devices each second!
And don’t expect that growth rate to slow down any time soon. Connected devices – everything from computers to smartphones to smart devices in every business, office, factory, hospital or home – will only grow in numbers for the foreseeable future.
All those devices producing all that data creates significant challenges for anyone in the business of keeping a network safe. After all, in the ongoing COVID-19 pandemic, most organizations faced challenges securing one remote device, the laptop. Imagine the challenge when you have dozens of IoT devices per person, especially as those devices get more powerful each year and leverage faster connection speeds such as 5G.
So what’s a network administrator to do?
As more and more devices are added to networks, it’s important to have a clear understanding of new security risks as well as the added opportunities to provide better security. We see three important factors to understand regarding connected devices:
- Size: The first IBM compatible portable computer in 1982 weighed 28 pounds. As devices shrink in size and have portable power sources, you can place devices in locations that previously were impossible to reach. You can place devices in appliances, furniture, clothing, lightbulbs, almost anywhere. And though these devices have computers that fit on a fingernail, these are not simple machines; in fact, they are powerful, flexible computers susceptible to hardware and software vulnerabilities.
- Storage: Even though devices are shrinking in physical size, the amount of information they can process and store keeps rising exponentially. This means that it is more difficult to secure them. The more complex the system, the more lines of code, the greater the surface area for potential attackers to exploit. However, this added power also provides greater capacity for modern AI-powered security tools.
- Speed: Network connection speeds continue to increase. 5G means that devices can communicate faster than cabled devices at your office. The implication is robust connections provide device utility, but also can be used to launch DDoS attacks or extract your organization’s information much faster than before.
As we depend on these devices for more critical roles in both our organizations and our personal lives, it is important to understand how to make them more secure. When considering how to reduce risk, one helpful way to look at it is by using two key pillars from the NIST framework: prevention and detection.
Prevention:
- Update software regularly: As with your laptops and smartphones, good security starts with regularly updating the software. Choose devices that do this automatically and are from companies you trust because a company that goes out of business will no longer provide security patches. Because IoT devices are so powerful (3 S’s from earlier), expect more and more devices to use general purpose operating systems like Android that need to be updated.
- Use different passwords: Just because you’re setting up a lightbulb or speaker, it does not mean you should ignore secure passwords. Hackers can use “simple” devices to move towards more valuable targets, like your security cameras or laptops. Use a different password for every system, so that if your password is discovered criminals can’t use the same password to infect other devices.
Detection:
- Segment your network: Network providers are creating easier solutions for home and small-organization use. In building your network, assume your lightbulbs will get infected and try to infect other devices in your home organization. One way to reduce such lateral movement is to put IoT devices on a different network than your laptops.
The good news for everyone is that the same good security principles and best practices that work well for historic devices such as that 28-pound portable PC, also work well for the latest technology. Techniques that keep you safe on your laptop and smartphone also apply to IoT.
The computing power of IoT devices continues the decades-long march forward as smaller and smaller devices have more and more power. When astronauts traveled to moon, the Saturn V that powered them through space had an entire vertical section devoted to the Launch Vehicle Digital Computer and its instrument unit. That section was 33 feet in diameter. Today, we’ve shrunken a computer to fit into a lightbulb, only the lightbulb is thousands of times more powerful.
We don’t suggest building your own Saturn V rocket at home, but we do suggest embracing the connected computing technology it helped start. The comparison between a Saturn V rocket and a lightbulb illustrates the journey we are on, rather than the destination. Connected devices will continue to shrink and increase in capability. Remember that despite their diminutive size and cost, always protect connected devices with the same care you apply to larger computers.