The Cisco Visual Networking Index reports that almost half a billion (429 million) mobile devices and connections were added in 2016. Smartphones made up the bulk of this growth, followed by M2M modules. These devices, self-driving cars, mobile-connected tablets and more comprise the mobile internet of things (IoT). It is a network that continues to expand as innovators find more ways to improve life and work processes.
Chief among the myriad challenges of mobile IoT for network operators is security. As the network of connected things has grown, so has cybercriminals’ drive to exploit it. Businesses might not think about the cybersecurity settings of their photocopiers, for instance, yet 2016’s Mirai malware used hundreds of thousands of IoT devices to create a botnet that took down popular proxy server Dyn and, with it, nearly one-third of websites globally.
Close to 20% of organizations have reported dealing with malware that targets mobile devices. These devices continue to present a challenge because they don’t have the level of control, visibility and protection that traditional systems receive.
With reputation and customer experience literally on the line, carriers are wondering what it will take to keep their networks and their customers safe. It’s not an option to ignore the IoT and its tremendous potential to provide a competitive advantage. Choosing and deploying secure IoT solutions produces valuable new business insights and efficiencies while protecting your data and infrastructure assets.
How safe is that sensor?
An often-neglected but critical step that service providers can take to safeguard their networks is to understand the level of security that manufacturers have built into IoT devices before purchasing them. While it is (relatively) easy to design and ship an IP camera, for instance, the ease with which a cybercriminal can hack it from factory settings makes installing one an unacceptable risk factor to the network.
Regulatory bodies have definitely made the connection between security and IoT devices, as evidenced by the January 2017 complaint that the FTC filed against router giant D-Link, charging that the company had deceived users on the security of its products and failed to take steps to secure those products appropriately. This case has become a bellwether because the complaint was brought in response to the vulnerabilities themselves, not because of a breach exploiting those vulnerabilities. This is a sign that regulators are taking a more aggressive stance in demanding that connected device manufacturers take clear and sufficient steps in securing their products.
Purchasing IoT devices: what to consider
To help create a stronger IoT ecosystem within your organization, here are three best practices to implement immediately:
- Gather a top-notch mobile IoT team: A solid team of mobile IoT security professionals is a necessity today, but be sure to clarify your terms. A job ad asking for an IoT professional may attract ten people with ten different backgrounds. Think instead about what your company does with connected devices and the specific skills it needs to manage and deploy those applications, systems and devices securely. Looking for and training people with IoT certifications is a way to ensure a robust bench of those skills.
- Ask for individualized security: Relying on an IoT device’s factory settings is a recipe for disaster. Demand that each device has a unique password from the manufacturer, printed on a sticker that’s included on the device. This significantly reduces the chances of compromise.
- Think carefully about open source: Open source IoT software is an easy, cheap and flexible option. But hackers can exploit security flaws rapidly, and patches are often slow in coming. IT teams should be aware of the risks in using technologies that are based on open source code and determine if the benefits outweigh the risks.
Protecting the whole network
Mobile IoT is booming, with no signs of slowing down. The growth potential is enormous, but so are the risks. Network providers faced with increasing cybercrime and the resulting increase in regulations can protect their networks and their customers with a comprehensive cybersecurity strategy. This will include building security into the network at the infrastructure level by applying the three best practices recommended above.