Despite cyber security making a huge number of advances in recent years, it seems there is still a lot for professionals to learn. This was shown by 11-year-old Reuben Paul at a cyber security conference in the Netherlands, when he managed to hack Bluetooth devices live on stage and use them to control a robotic teddy bear.
The sixth-grader from Texas used a laptop and Raspberry Pi to scan for Bluetooth devices, finding that dozens of numbers could be downloaded, many of which belonged to top officials. He then managed to hack into his bear via one of the numbers to manipulate it, in a bid to show that the Internet of Things (IoT) means any device can be weaponized if it is not properly secured.
Most internet-connected things have a Bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light.
IoT home appliances, things that can be used in our everyday lives, our cars, lights refrigerators, everything like this that is connected can be used and weaponized to spy on us or harm us.
With IoT devices able to provide hackers with sensitive information and, in some cases, a person's location and ability to watch them remotely, businesses need to ensure they have practical solutions for securing devices.
Consider what needs to be connected
Not every device that has the ability to connect to the internet necessarily needs to be connected, especially if you are unable to make it as secure as possible. Network World suggests assessing availability both on and offline in order to assess the benefits of connecting every device to the IoT. It may be that there are no real benefits to having smaller items connected, and so it would be more secure to keep them primarily offline.
Look into segmentation
Not only does segmentation help in terms of IoT device functionality, it can be beneficial when it comes to cyber security. Virtually segmenting IoT devices on separate networks based on their functionality will help to ensure that sensitive information cannot be accessed through devices with limited security.
In this way, this can also help you start to filter your IoT traffic, ensuring that higher priority is given to vital devices, which could help make your organization more effective.
Allowing users to authenticate an IoT device can help to keep it secure and ensure it is not misused. There are a lot of options for authentication, allowing your company to choose the best option for its processes.
As Forbes explains; this can cover everything from simple passwords and pins or more secure options, such as two-factor authentication, depending on the requirements of your company and what security measures are already in place.
Keeping data protected by using cryptographic algorithms will help to secure it against hackers and protect your network. When data is in transit between IoT devices or when it is stored and not in use, it should be encrypted to avoid instances of data sniffing that could put your company at risk.
However, it is worth remembering that the various different IoT devices available will mean that standard processes for encryption are limited, so you will need to put new protocols in place to combat this.
Create private networks
Keeping your IoT network private and separate from other networks and public internet is perhaps one of the simplest options, but often staff can fail to comply with this. Implementing guidelines and monitoring to ensure IoT information is kept isolated from other company data can help to ensure it cannot be accessed via an open internet connection.
While your IT department is likely to understand the importance of this step, other departments may not. This means that training and communication are crucial to ensuring safety precautions are being used to their fullest.