Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Understanding the needs of IoT security

By Joseph Carson
internet of things
June 29, 2020

Humans like patterns. We also like trends, labels and buzzwords. We like to fit our problems into a category that can be easily solved by one answer and when this can’t be done, the labels by which we categorize our problems become more and more complex.

The Internet of Things (IoT) isn’t new by any stretch of the imagination. It’s something that’s been around since computers were first connected to each other. As the space evolved, networked devices, phones, servers – anything you connect to the network – all became a part of the IoT. In its simplest form, IoT is just another connected device and while a new buzzword has emerged to define it, it is no different from a network as it was many years ago.

 

What has changed?

So, if IoT is something we have been trying to secure since the 1960s, why has no utopian technology taken the helm to protect our networks? Ultimately, the functionality of the devices that are connected has drastically progressed as well as the tasks they are meant to carry out. While in the past it was computers that had the ability to be programmed or changed to carry different functions – whether it be a web application or some type of financial application – today devices and hardware are now carrying out more specific functions, more targeted and simpler tasks.

 

What’s the risk?

From a security perspective, we also tend to look at IoT in the wrong way. With every new device, we assume the technology will be vulnerable with a very high risk of compromise. The reality is that most IoT devices have a very low risk individually, but their functionality is what leaves them susceptible. Is it a data processor? Is it a data collector? Is it a data correlator? The device’s actual role in the network needs to be vetted to understand the risk posed. Here are 3 questions you should ask when evaluating the risk of an IoT device:

  1. Is it something that could potentially attack the network? An availability attack!
  2. Is it something that could have data poisoning? In other words, could the data that it is generating be manipulated? An integrity attack!
  3. Is it providing an access point for an attacker to gain entry to the network? A confidentiality attack!

By changing how we define IoT devices to focus on functionality, we can begin to conduct better risk assessments and better understand how malicious actors may abuse any security gaps to their advantage.

 

How can you secure IoT?

At the ground level, securing IoT must first come with holding manufacturers to a minimum standard of security by design. Governments and industries are responsible for defining these standards, whereas manufacturers in turn must be held accountable for ensuring the devices include security best practices and endorse customers who enable and use them. Simple measures include ensuring default passwords are not used, data is encrypted at rest and in transit, as well as ensuring that security patches and updates get installed as soon as possible. It must also be clear when selling such devices how long the manufacturer will support security updates, a standard that governments must push for. Incentivizing consumers to use security by giving discounts, etc., is another effective way to add an additional layer of defense.

Many organizations are spending blindly on IoT devices as suppliers do not make it clear what security features are available and they mostly focus on ease of use, sacrificing security by design. Regulations are surely coming and will likely force vendors to display, inform or even go as far as ensuring security best practices are easy to enable and use. For organizations, the best way to protect and secure IoT devices is to enable strong privileged access management controls that change passwords regularly and enhance security controls to ensure only authorized users can access and configure them.

 

5 tips for IoT users

The consumer is the last line of defense when it comes to the security of an IoT device.  At a time when many employees are working from home IoT security has become more critical and important. Here are some good standards to abide by when engaging with the online realm:

  1. Turn on the security features and use them. The biggest issue with IoT is that most devices by default have security turned off in favor of ease of use, along with default credentials that never get changed, which creates the perfect playground for cybercriminals to take advantage of an IoT devices’ lack of cybersecurity.
  2. Keep IoT devices, such as a Ring device, on a separate Wi-Fi network and use a password management solution to ensure that you change default or weak passwords by selecting complex system generated passwords for your Ring Accounts.
  3. Use Two or Multi-Factor Authentication for the Administrator access to the device.
  4. Read the instructions and understand what security features are available.
  5. Turn the device off when it is not being used – if it is completely powered off it cannot be hacked or abused.
KEYWORDS: cyber security data security device management Internet of Things (IoT) risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Joseph Carson is a cybersecurity professional with more than 25 years' experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Thycotic. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Russia and Cyberattacks

    Debunking the 5 Myths of Sophisticated Cyber Attacks

    See More
  • board room

    Cybersecurity Tips for the Break Room and Boardroom

    See More
  • ports 2 responsive default security

    5 Security Risks Professionals Face While Working on Vacation

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products

Events

View AllSubmit An Event
  • February 20, 2025

    Ideological Tensions in the Workplace: Understanding and Mitigating Risks of Violence

    ON DEMAND: Organizations face evolving threats, including workplace violence stemming from ideological tensions, political polarization, economic disparities, and other factors.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing