Do you remember what you were doing on October 21, 2016? Probably not, but I can tell you what you weren’t doing. You weren’t on Twitter, Spotify, Netflix, Reddit, Tumblr, or visiting so many other major websites.
Why not? They were down for hours thanks to a major attack against the Internet of Things.
Attackers took advantage of common vulnerabilities in IoT devices to create a botnet, which they used to flood DNS servers with multiple waves of malicious traffic. The DDoS attack resulted in widespread outages so severe that people simply claimed that “the internet went down.”
For all the benefits that the IoT can bring your business, it’s clear that successful attacks can cause disaster.
Before you invest too heavily in IoT architecture, make sure you know all about the security risks involved (and what to do about them).
5 Common Vulnerabilities for IoT Devices and Architecture
Gartner predicts that by 2020, we’ll have over 20 billion connected devices in place globally. The Internet of Things is a force that can’t be avoided—our need for greater data collection and analytics far outpaces security concerns.
Instead of ignoring IoT innovation, we need to find ways to harden architectures against common vulnerabilities. Here are 5 to keep in mind as you invest resources in the IoT:
1. Insufficient Authentication/Authorization
Just like on your central network, authentication and authorization policies must be enforced on all IoT devices. When these policies are weak and ineffective, attackers can compromise the device and use it to launch any number of threats (like the 2016 botnet attack).
2. Weak On-Device Web Security
Especially as edge computing becomes the norm, IoT devices are increasingly built with local web servers/interfaces to boost functionality. However, security flaws in the code can lead to a compromised network.
3. Communication Interception Between Devices
Sniffing applications allow attackers to analyze the traffic flow across your IoT architecture, giving them the opportunity to steal even your encrypted data.
Attackers can target protocols used for device-to-device communications, altering traffic by compromising just one IoT node and sending threats to the network at large.
4. Unsecure Connections to the Cloud:
While edge computing will push processing power to IoT devices, cloud connections will always exist.
When you’re transporting data from IoT devices through the cloud and back to your central data center, you’re giving attackers opportunities to insert themselves in the middle of communications. Any security concerns you have with cloud computing apply and are often multiplied due to the volume of IoT devices.
5. Complexity of IoT Management
The sheer volume of IoT devices results in maintenance challenges for IT. Each device has to be patched regularly and networking pros have to stay ahead of any potential firmware vulnerabilities.
Without the right approach to security, these vulnerabilities can slip through the cracks.
What Can You Do About These IoT Vulnerabilities?
The risks associated with the Internet of Things actually aren’t all that different from the risks you face with other technologies. At its core, the IoT is a combination of mobile devices and cloud connectivity. The risks are similar—it’s just that the scale is far greater.
So, defending the Internet of Things is less about overhauling your entire security strategy and more about being able to scale your existing. That means, first and foremost, having total visibility over the widespread IoT architecture.
If you’ve spent any time reading our blog posts, you know that we talk a lot about the visibility limitations of SPAN ports. In the past, you may have survived with SPAN connectivity despite these limitations (albeit while risking dropped packets and potential security vulnerabilities).
However, the scale of IoT architecture would completely overwhelm SPAN ports and exaggerate all the attack surface of your network. Scaling your security strategies and infrastructure without sacrificing visibility requires network TAPs that guarantee you’ll see every bit, byte, and packet.®
[If you want to learn more about how network TAPs contribute to security at the edge of the network (where IoT devices live), check out our free white paper, Managing the Edge of the Network: A New Necessity for Security Architects.]