The concept of the Internet of Things (IoT) has introduced new complexities into the web of network security, and the approach to security has to change to accommodate that. In previous posts we've talked about predictive analytics and changing security policies for the digital revolution of IoT, but what exactly is going to change in the realm of data security? Well, according to most technology sources, almost everything.
The Game Changer
The biggest problem with security in the IoT is that hackers are coming up with new ways to commandeer and take down IoT devices everyday. This "guerrilla warfare" method is not traditional because it can come from almost any angle (within the corporate data system, attacks on the actual device, etc), so a pattern of attack is hard to establish and then look for within the system. Commercialized products for general public consumption are especially vulnerable because as the products are developed they are often pushed to market before their security features have been fully tested. The agile method of releasing and then reiterating is good for making progress and getting user feedback, but can leave devices vulnerable to attack. There are, however, several ways to combat these security vulnerabilities.
Move from Reactionary to Proactive Monitoring
A big focus on data analytics will help solve many security problems if organizations know what they are doing. Since attacks can come from all angles and are harder to predict, the old model of reacting to an attack in progress has to change. Organizational systems can't afford to be taken down for hours or days at a time, and as more and more personal data becomes available with IoT devices, attacks on that data will become more frequent. The act of data mining, however, can help mitigate attacks by establishing a baseline of activity. Searching through massive amounts of data to identify patterns helps data analytics professionals see the patterns of normal behavior, which then allows them to more easily see patterns that aren't normal. This shift from reactionary to proactive monitoring will help organization ensure the safety and security of devices and keep cyber attacks at bay.
Focus on Human Behavior
Another big focus on security should come from the realm of human behavior. In addition to stepping up security practices from an organizational level, educating the public on personal security should also be a focus. Too many people with personal devices rely on default passwords for devices and never think about where their data might end up. While it might seem innocent enough and they may not care, for example, if a hacker gains access to a wearable device and can track the amount of steps they take each day, that data could also, for example, contain location whereabouts.
Educating consumers on safety practices is paramount, but the biggest challenge is that people need to understand the reasons behind these practices, not just that they should do them. That is also the biggest challenge to better security practices within organizations. While most companies do have security policies and mandate security training each year, employees often do not understand why they need to follow the procedures and what could happen as a result of their (even accidental) negligence. Also, many procedures are outdated and cumbersome, oftentimes making an employee's job harder to do.
If organizations and the public at large are going to affect human behavior from a base level, where people go out of their way to follow a procedure that may make their jobs or lives harder, messaging around the importance of security has to involve not only steps to be taken, but the reasoning behind the steps. This might include security classes or a larger explanation of what effect not following security policies and procedures have on the customers and the world. What matters is that people understand the potential effect their behavior has, not just that they are mandated to act a certain way. Only then will we see a real change in behavior.
Combining human behavior changes with predictive analytics would increase the amount of security that all IoT devices have within any system. Organizations and the public at large should work to introduce these changes sooner rather than later.
If you are ready to get started but are not yet a CenturyLink platform customer, no problem. Get started with a free trial today.
We’re a different kind of Hybrid-IT provider – let us show you why.