Connect with us

Security

How Connected Data Transforms Risk Management

Last updated by

on

Businesses across all industries have to deal with cybersecurity threats that come with the increasing use of connected devices. To secure organizational data, it is critical to establish robust cybersecurity frameworks for the Internet of Things (IoT).

To standardize processes and ease the burden of data environment information security, the National Institute of Standards and Technology (NIST) issued a call for papers on April 18, 2018.

Internet of Things (IoT) Risk Management

What is the Internet of Things?

The broad definition of the Internet of Things covers any device that can connect to the internet or another device through Bluetooth technology. For example, your smartphone, laptop, Bluetooth earphones, smartwatch and other modern tech consumer products fall under IoT.

However, IoT is not restricted to consumer products only. Devices used in industries like healthcare, banking, oil and gas, engineering and others, which can connect to the internet, also fall under the larger ecosystem of IoT.

IoT drives efficiency in today’s world. For example, you can monitor your home security with CCTV cameras and access the data they gather through your phone. Businesses can also improve efficiency in their processes by using productivity tools.

Security Risks of Using IoT Devices

It is easy to control computers. For example, you can set passwords to restrict access to them.

However, with the Internet of Things, controlling devices is a little complicated. This is because the IoT ecosystem helps automate activities so that we interact less with devices while getting more information.

For example, doctors can use pacemakers equipped with IoT capabilities to monitor hearts. The doctors will not need to be with the patient physically to get the heart data.

However, a security risk emerges when this data is being transmitted from the IoT-enabled pacemaker to other devices, for example, a laptop. Since these two devices (pacemaker and laptop) are not on the same network, the data being transmitted between them can be intercepted by third parties, which can turn disastrous.

The Biggest Risks of the Internet of Things

IoT-enabled devices pose a number of security concerns that relate to the interception of the data being shared between the devices. These security gaps should help to inform your risk management strategy.

Authentication

Bluetooth connections do not provide a high level of authentication as network connections do. When you connect your laptop to a Wi-Fi network, you can set up authentication protocols such as a username and a password. You can even set multi-factor authentication for more security.

When devices connect with each other through Bluetooth, they get a unique “address” similar to an IP address. However, users cannot put a username or password to this address for authentication purposes.

Confidentiality

Since the information being transferred from one device to the other in the IoT ecosystem is not secured using an authentication method, third parties can intercept it. This scenario can play out like what happens with public Wi-Fi, where you can access other users’ devices.

Authorization

With traditional networking, you can control the users that can access your device and the data they can access. On the other hand, the security of Bluetooth connections is not robust to protect the devices connected to each other from unauthorized users and programs.

Since Bluetooth cannot be protected using a username and password, you cannot control what a user can or cannot access in the device.

Integrity

Since there is no way of setting authorizations, you cannot be sure of the people or programs accessing the data being shared through the Bluetooth connection. This means that anyone can intercept the data being transferred through the Bluetooth connection and that in the devices connected to each other.

Pairing

There has to be an information-sharing connection between them to pair a Bluetooth IoT device with a computer, tablet, or smartphone. When you leave the primary device open to a Bluetooth connection to form your IoT connection, other devices in the zone can see the Bluetooth connection and connect to the primary device.

Goal of the “Lightweight Cryptography” Project by NIST

At the moment, there are no IoT standards, and given how various IoT devices are, their potential risks cannot be underestimated. For example, if an IoT syringe being used to dissipate pain medication is hacked, the results can be catastrophic. Imagine a malicious actor hacking the syringe to steal data or even overdose a patient!

NIST is proposing the creation of IoT standards that will increase data protection across all devices. Through the Lightweight Cryptography project, NIST is proposing a minimum set of authentication requirements that will secure IoT devices against brute force attacks. The project also seeks to get IoT solutions to work fast, consume low power and maintain low energy.  Leveraging the NIST framework and HITRUST (CSF) can help your organization stay ahead of zero-day exploits that can harm your clients’ health and/or safety when leveraging IoT devices for day-to-day business operations.

LinkedIn

Recent Posts

Tags:

BusinessBlogs is the popular online Hub for quality business articles. We publish unique articles and share them with our social followers. Read more on our 'About' page https://businessblogshub.com/about/

Continue Reading
Spotify
1password
PartnerStack