The explosive growth in the market for Internet of Things (“IoT”) devices has added billions of new IP addresses to an already-crowded internet. Rather than overwhelming the hacking community with numbers, this volume of IoT devices has opened additional portals for hackers to access individual devices and corporate networks.
In fact, hackers now have access to a tool that can scan every IP address on the entire internet in under an hour. The sheer volume of IoT devices does nothing to cloak any single one of them. IoT devices are particularly vulnerable to hacking for several reasons. They might utilize firmware, for example, that is common among thousands of the same devices. When hackers learn how to access one device, they can then access every other similar device that uses the same firmware.
Securing networks from cyberattacks that come through IoT devices is, in part, a function of enhancing the cybersecurity of the devices themselves. Individuals who utilize IoT devices in their homes and businesses that seek to protect their networks from unauthorized IoT-originated incursions can take a few steps to enhance their privacy and security protections.
First, individuals should use separate networks for IoT devices and computers. That network can be the “guest” network that many routers support, or a completely separate router that only manages IoT devices. A separate network limits IoT access to personal files and other information that is stored on an individual’s primary computer.
Second, all IoT devices should be set up with automatic firmware and software updates. Cybersecurity experts have recommended to IoT device manufacturers that their devices should be upgradable with “over-the-air” technology to automate the process. This technology will also shorten the lag time between discovery of an IoT device security flaw and universal correction of that flaw.
Next, companies that are wary of IoT security flaws should establish strict procedures to segregate employee IoT devices from their workplaces. Employees wear personal fitness trackers, use their own smartphones and tablets, and transport data with USB devices that they plug into both secured corporate and unsecured private computer systems. Businesses should continually educate their employees on the security gaps that personal IoT devices create.
Fourth, before a business installs any IoT device at its premises or on its network, it should conduct thorough due diligence on that device and the potential security risks that it might engender.
Fifth, simple solutions such as two-part network login authentication will go a long way toward protecting a network from an IoT threat. Secure sockets layer (“SSL”) certificates that establish an encrypted link between an IoT device and a network will also create an enhanced security environment.
Last, businesses should purchase cybersecurity insurance (also known as “cyberbreach insurance”) to cover costs that they incur when IoT-based cyberattacks target their networks. Cyberbreach insurance can replace revenues that a business loses when its networks are impaired. It can also cover the costs of notifying customers of the potential loss of their personal or financial information, and finance identity-theft protection following the breach.
Like the market for IoT devices, the cyberbreach insurance market has experienced dramatic growth since its founding in the late 1990’s. The increasing sophistication of some types of cyberattacks and the prevalence of IoT portals will likely push further growth in the cyber breach insurance market over the next several years. Businesses can install multiple technology solutions on their networks to thwart cyberattacks, but none of those solutions is perfect. Cyberbreach insurance can fill the last gap to protect a business from financial losses for those times when a cyberattack is successful.
