Over the past few years, IoT devices and applications have become new targets for attackers. The ever-growing number of deployed devices, which are increasingly more intelligent than ever, provide targets that are far too easily exploitable. As devices become smarter, attackers are discovering new weaknesses that offer an opportunity for successful breaches.
When deployed at scale in large numbers, a given flaw can be greatly magnified, and the cost of human touch to repair could increase dramatically. Cellular IoT devices are particularly vulnerable because they can be accessed and attacked over long-distance networks – often over the Internet.
Enterprises must plan accordingly! Aeris Co-Founder and Chief Evangelist Syed “Z” Hosain offers three pieces of security advice for any organization leveraging cellular IoT implementations:
- During device and application design, assess possible attack mechanisms and implement a sufficient degree of protection in the context of the harm that a breach could cause. For example, a device used to monitor rainfall will have radically different security requirements than a medical monitor in a hospital.
- Select an IoT provider that provides secure networks, but also the monitoring and visibility needed to detect breaches. At a large scale, using machine learning to detect IoT use patterns, along with artificial intelligence tools to automate mitigation processes, may be required.
- The resolution of breaches could require over-the-air (OTA) fixes long after deployment. Budget (and test!) OTA capability in sophisticated cellular IoT devices to update their security. It could be financially impossible to manually touch large numbers of devices deployed in remote locations.
The bottom line: implementing security in cellular IoT must never be an afterthought and never assume that all IoT security risks can be eliminated up-front!
