The Internet of Things is already with us and it requires a paradigm shift in the way that organisations think about security. While protecting sensitive data will continue to be of the utmost importance, the rise in connected devices raises a new security concern; how to trust the identity of these devices. Enterprises and other organisations must shake themselves out of the mind-set that online security is simply about protecting data. With the rise of the Internet of Things they must also ensure that they can protect and verify the identity of every device that connects to their environments.
This is the view of Allen Storey, Product Director at Intercede. Storey warns that the growth in connected devices gives criminals access to greater and more diverse opportunities for extortion, theft and fraud, which are likely to be even more damaging – and potentially life-endangering – than today’s malware that holds data to ransom, such as Cryptolocker. These attacks don’t just threaten to disrupt corporations. With critical national infrastructure being brought online, such as power generation and electricity grids, they become potentially vulnerable to attack from terrorists or hostile nations. A successful attack on infrastructure control systems has the potential to wreak massive disruption, and even death, in its wake.
To combat the threats inherent in the Internet of Things, organisations must have absolute confidence that the devices which connect to their networks are the devices they claim to be.
Establishing the true identity of any machine or device is a critical element in preventing criminals gaining control of, or access to, a company’s network. Anything that is Internet-connected but unprotected can be compromised, and can provide a wealth of valuable data to criminals. One example would be the ability to monitor staff movements to track or target a particular employee for some nefarious purpose, from theft to blackmail.
The most important first step is to ensure that any Internet-connected device is properly identified, so it can be trusted. One of the best methods of protecting a device is with a secure element embedded within it which can’t be copied or tampered with, and which can hold cryptographic keys that are unique to that one device. Combined with authentication that verifies each user or device that attempts to engage with it, embedded security provides an essential element of any defence against criminals seeking to exploit the Internet of Things.
Read more: Securing the Internet of Things