The evolution of IoT has led to large bytes of data being shared with many participants. In fact, more sensitive data from sensors, industrial devices, mobiles, medical equipment etc. has been increasing tremendously. The growth in IoT has led to new ways in technology, media and telecommunications business creating values and revenue streams.
This also has led to creating new opportunities for information compromise. As large amounts of sensitive information are being collected, communicated and analyzed there is largely a great risk in data and information compromise.
At this juncture, the below pillars are very sensitive which leads to data and information leakage resulting in a major cyber flaw.
1. Weak, Guessable or Hardcoded passwords are easily brute forced and can be made available publically.
2. Network services if not secured, especially those which are exposed to internet leads to compromise of confidentiality, integrity, and availability of information allowing unauthorized remote control access.
3. IoT ecosystem interfaces like web, API, cloud and mobile interfaces outside the IoT environment without any authorization, encryption and lack of web filtering leads to a major threat.
4. Device update must be done in a secure manner which includes firmware validation, encryption and proper roll back mechanism.
5. Usage of deprecated software, insecure components, outdated versions, and libraries will lead to a security compromise of devices. At times the operating system is exposed to threats and vulnerabilities because of outdated libraries leading to security flaws.
6. Encryption of data in three stages – Rest, motion and use must be considered as a top priority while communicating and interfacing with devices. Else it will lead to massive data breach and exposure of sensitive data to hackers.
7. Data privacy and protection of personal information must be taken into high priority complying with data protection laws and governance of the respective regions.
8. Security support on devices that are being deployed in the production environment must be taken into consideration which includes asset management, update management, secure decommissioning and secure monitoring of devices.
9. Devices must be securely configured with respect to their default settings. Else this may lead to operator modifications and possess a serious threat.
10. Physical security and hardening of devices are very much essential which will prevent hackers from taking complete control of devices and launch an attack.
Authored By - Vishnu Charan Venkatasubramanian
TCS Cyber Security Practice