The rate of ‘things’ being attached to the internet is increasing and everyone has heard the term ‘Internet of Things’ (IoT), but are they aware of the security risks involved?
It means that devices and appliances that traditionally had operated quite happily in their own way and in their own place in the world, are now being forced to connect to the internet. Even if it seems like a daft idea. Often when I buy technology, it’s because of the thought and the initial magic of owning something new rather than the operation and continued use of it. There’snow a fridge with a camera inside of it, in case you’re out at the supermarket and need to know how much butter you’ve got left. Presumably, the light comes on when you use it. Maybe the camera is there to answer that age-old question? The internet connected fridge seems like it was created because of the idea that everything needs to be connected to the internet. How much use an internet connected fridge might get after the initial novelty has worn off, I’m not sure but what is clear is that there is now the potential for someone to use it to access data and other connected devices within your house. Long after the novelty of an internet connected fridge has worn off, it will continue to cool your food and still be connected to the internet.
This illustrates the side effect of connecting more devices to the internet. The risks to security exponentially increase. The more devices, the more attack points, which means more management overhead to patch them and validate compliance. In a business context, those devices are potentially outside of the organisation perimeter. A lot of these could be remote devices and connected to the internet using non-traditional business methods. They could be anything from a sensor monitoring water flow in a river, to the camera on a motorway or even an internet connected toaster. The age of apps and cloud services has enabled everyday people to manage and adjust all manner of life-encroaching technology wherever they are, and all through the public internet.
More and more businesses are adapting to this style of working and connecting systems for data gathering, monitoring and alerting or remote command and control purposes. Every device increases the attack surface and the risk of a cybersecurity incident. IoT devices could become points of entry onto the network or be the target of a cyber-attack, therefore understanding their normal posture and monitoring their activity becomes even more important. This can be challenging as often devices can be spread across locations, campuses or even geographies and supporting security intelligence at scale can be difficult without the right tools.
Celerity have a rich portfolio of enterprise-grade, highly scalable solutions that can help to meet these challenges. Using our Citadel Security Threat Detect capability can help reveal security threats and provide insight into cyber security related activity across the IT landscape, including IoT. This means you can take control of the risks that are presented by the growth of devices within your network and illuminate the blind-spots that they create.
Steve is a Lead Technical Consultant at Celerity Limited and has worked in the IT industry for over 20 years. His foundational strengths are in large enterprise environments. His current role focuses primarily on Celerity’s portfolio of products (Intuition & Citadel) that deliver monitoring and automation and cyber security both in the cloud and on-premise.