Why Your Enterprise Must Pay Close Attention to IoT Device Security
NEWS ANALYSIS: It's apparent now that Internet of things security is laughably bad, but you can prevent your enterprise from being the butt of the joke.
The woman on the videoconference screen looked at me in astonishment. "I didn't think we had a call scheduled," she said in alarm. The surprise was understandable, as she and another person seemed to be just lounging in the conference room. I disconnected the videoconferencing call immediately, and then checked my notes. I'd transposed a digit, and I'd called an obviously unsecured videoconferencing machine somewhere. I didn't wait to ask where, but that videoconferencing machine wasn't the first device I'd found on the Internet. In fact, the Internet of things has been around for years, since long before the Web was invented. In those days, network engineers took pride in their Internet connected soft drink machines, devices programmed to warn when their coffee pot was empty or to keep tabs on the fish in their aquarium at home. None of those things had any sort of security at all. Anyone who could find the right IP address could monitor the status of these unsecured devices. Since then, tens of millions of new things have been connected to networks around the world. We have moved far beyond connecting soft drink machines and coffee pots to much more critical devices, including surveillance cameras, printers, security systems as well as water and gas meters.
My conversations with European security experts has revealed a deep concern over the spread of these devices and the difficulty in securing them.