You may be asking, what is IoT? IoT stands for the Internet of Things, which in simple terms, is a broad descriptor for the various connected devices (things) that are tied to your network. The number of IoT devices, such as smart devices or sensors that can connect to our networks is growing rapidly. According to the International Data Corporation (IDC), we will see “152,200 connected IoT devices per minute” by 2025 (Rosen). This surge is not going unnoticed by cyber attackers. SonicWall reports continued growth in the number of IoT attacks and warns that “with a deluge of new IoT devices connecting each day, increases in IoT malware attacks should not only be expected, but planned for” (SonicWall).
How many IoT devices are connected to your network right now? Think of all the smartphones, tablets, webcams, security cameras, smart home systems, sensors, fitness trackers and more devices that may connect to your network. Whether these devices are used for personal use or in businesses, they can provide you with data and information that can help you make decisions and be more productive, but each of them also increases your cybersecurity risk. This blog hopes to raise awareness around how these devices can be exploited as a point of access to your network, and steps you can begin to take to prevent this from happening, all without giving up the added benefit these devices bring to you.
To get started planning for the continued growth of connected IoT devices and their impact on your cybersecurity, the following three tasks are critical:
- Know the IoT devices on your network; document and maintain this list.
- Develop an IoT policy that incorporates cybersecurity from the beginning.
- Review existing IoT and cybersecurity compliance requirements.
Know the IoT devices on your network
You will first need to be aware of the devices that can potentially connect to your system. Regularly, do an inventory of your system to be cognizant of any devices allowed to connect to your network. Keep an up-to-date network map showing all devices as part of cybersecurity documentation.
Develop an IoT policy that incorporates cybersecurity
Also, know that If you share a wifi password with others, they can then connect their personal devices to your network. You will need to incorporate an IoT device policy into your existing cybersecurity policies. Within this policy, you can state which, if any, personal devices are allowed to connect to your network (and in turn, have access to other connected devices on the network). An IoT policy can also be used to designate individual staff members who are allowed to add permitted IoT devices to your network so you can better control your access points.
Review existing IoT and cybersecurity compliance requirements
As you are working on an IoT policy, refer to IoT and cybersecurity requirements and regulations you have to meet, whether for a government contract, domestic supply chain, or international supply chain. You will need to ensure that your policies and cybersecurity controls are working together to meet these requirements. Visit this link to access our free cybersecurity introductory course to learn more!