According to popular statistical forecasting web-site ‘Statistica’, the global market of Internet of things(IoT)end-user solutions is expected to grow to 1.5 U.S. trillion dollars in size by the end of 2025. This market essentially comprises of an ecosystem of a variety of devices such as home appliances, lighting solutions, televisions, watches, fit bands, speakers, cars and other automobiles etc which communicate with the user, operating them, by sending information over the internet. This significance of this forecasted figure in no way can be underestimated, as it paints a picture of what the future would look like. A future where all the devices in our homes will be connected to the internet will interact with each other and us and at the same time, will also collect a lot of information as well. Therefore, it becomes absolutely important for us to have some basic knowledge about how we can protect ourselves and our data from these devices and how we can secure these devices from any miscreants and people trying to compromise them. This blog will take one through the exact risks and challenges these devices posses and how to mitigate those challenges as well.
What are the challenges we face while using these devices?
- IoT is an emerging technology and is in very early stages of development and unlocking its complete potential. This inherent nature raises a lot of challenges concerning the protection of user privacy and data security. One should also realise that this is not a mere conjecture but rather a manifestation of the fact that almost half of the American companies which use IoT Devices were hit by a security breach in 2017.
- Another challenge with these devices is that they are often created by manufacturers who don’t have much experience in the particular field of network security or information security. The devices are often a compilation of parts and resources from multiple vendors, which inherently raises concerns as different vendors and manufacturers have different protocols and techniques of implementing security mechanisms or sometimes not applying at all. The same thing was highlighted in a blog by Kaspersky Security a popular antivirus and Cybersecurity company, as well.
What are the solutions to these challenges?
The solution to the problems associated with IoT devices has two facets. The first one being from the user’s end and the second one being from the manufacturer’s end.
Steps from the user’s end:
- Implementing a comprehensive endpoint security mechanism
All the IoT devices are connected to the internet and the internal networks as well, which is obviously required for them to function properly. However, it becomes necessary to implement endpoint security mechanisms in all the other devices connected to the network so that the compromise of one IoT device doesn’t become the reason for the compromise of others. These measures would include setting up :
● Firewall
● Antivirus solution
● Internet Security
● Encryption
● Device Firewalls
● Mobile Device Management
● Mobile Security Solutions
● Intrusion Detection Techniques
● Application Controls - Authorised access and management Policies
A comprehensive mechanism for tacking an effective data protection system should be in place as well, where operations like Data access, authorization, threat detection are considered and policies which deal with such operations and challenges are determined. - compliance standards
If one’s organization uses a lot of IoT devices, a comprehensive information security policy, based on a standard which is accepted at global level, should be in place, where regular first party and second party audits for checking compliance with such policies and standards should also be conducted. ISO/IEC 27001:2013 is one such standard which is recognised at a global level and is recognised by the Indian Statutes as well.
Steps from Manufacturer’s End
- Testing the Device Hardware
The manufacturers should test the complete veracity of the devices which they are putting out by doing all the required data and information security tests, along with the third-party components and devices which they are adding in their products. They should also consider hiring and employing people who are the subject matter experts of the fields as it is often observed that the IoT manufacturers don’t have an experienced and robust team managing the inner workings of their devices. - Avoid Launching Products in a rush
The IoT market is highly competitive, however, the manufacturer should not proceed with their launches in a rush to compete in the market. An unfinished product could potentially be more harmful to the company as compared to a late entry in the market, as a threat or even potential threat could severely affect the company’s goodwill and position in the market. Timely and planned launches along with a focus on security patches and security updates are of utmost importance for these devices as well.