This October marks the 17th year of the National Cyber Security Awareness Month (NCSAM), a U.S. collaborative effort between government and industry to promote safe and secure practices online. But that doesn’t limit participation to the U.S. In 2019 organizations and individuals in all 50 states and over 40 countries joined in.
The 2020 theme is “Do Your Part. #BeCyberSmart,” with specific steps each week individuals and enterprises can take to create a safer connected experience, focused on connected devices. Here’s what DigiCert experts have to say about protecting connected devices both now and in the future, as the technologies continue to advance.
If you connect it, protect it
Every internet and Internet of Things (IoT) user has a responsibility to reduce their security risks. This is increasingly difficult as online and offline life are becoming indistinguishable.
Mike Nelson, DigiCert VP of IoT Security, explained in a recent article, “As someone who has spent over a decade in the IoT security space, I have seen many attacks and vulnerabilities affect the IoT devices in my life. Yet I don’t shy away from smart home devices. You shouldn’t have to either, if you take steps to secure them.” Nelson explains simple steps like avoiding default passwords, keeping software up to date, and managing permissions can help users secure their devices and ultimately stay smarter than their smart home.
Securing devices at home and work
2020 has blurred the lines between home and work as many have moved work to home offices. Over the last few months, we’ve offered several tips on securely working from home, like tips for securing VPN, MDM and email. And the trend of working from home may extend well past 2020. Remote work has been on the rise, and according to the Federal Reserve, the percent of the labor force working from home has tripled in the last 15 years.
Dean Coclin, Senior Director of Business Development at DigiCert, explains, “Simply being aware that working from home can increase your risk of cyberattacks can help employees be on guard. And if employees learn best practices for working remotely now, it may help keep the workplace a little more secure both during the COVID-19 pandemic and always.”
Devices are also a critical part of the future workplace. According to a study by Vodafone on how businesses use the IoT, 74% of respondents say that organizations that fail to adopt IoT will fall behind in the next five years. And more and more devices are connecting, which can lead to severe consequences if breached.
“Managing the pool of devices connected to your corporate network is a pressing and growing challenge, with serious risks if not handled correctly,” says Brian Trzupek, DigiCert SVP of EM Product Management. “You will probably want multi-factor-authentication or even Public Key Infrastructure (PKI) for secure login. And if a device joins your VPN, you want to be able to have control over the device remotely. Remote device control provides you the ability to manage what is on that device, how it accesses your network and resources, and who can use it.”
Securing internet-connected devices in healthcare
While smart home devices are built to make our lives more convenient, IoMT (Internet of Medical Things) devices are built to save lives. Healthcare devices have the potential to help individuals around the world. We’ve seen devices enabled for remote surgery, COVID-19 testing and treatment, pacemakers and more. But if those devices are hacked it could have tragic consequences. That’s why it’s important to consider security in the development and adoption of the IoMT.
Nelson says that investing in the security of devices in healthcare is like investing in protective biking gear. “Six months before I crashed my bike, I was in a bike shop buying a helmet. The sales guy presented me with a few options: there was a $300 helmet and a $60 helmet. I asked him to help me understand the difference between the two. His response was classic. He said, ‘If you have a $300 head, get a $300 helmet. If you have a $60 head, get a $60 helmet.’ I got the $300 helmet.”
In the case of a crisis, you don’t have time to upgrade your protective measures; you’re stuck with what you’ve got. That’s why it’s incredibly important to invest in security now, but especially when it comes to healthcare devices.
The future of connected devices
Vulnerable devices threaten far more than data and identity theft. Connected vehicles can be hacked for fraudsters to take over steering, robotic vacuum cleaners that scan the architecture around them can be turned into remote spying devices, and even baby monitors can be vulnerable to adversaries listening in to conversations. These need to be secured and enterprises and users need visibility over their devices, encryption to protect data, and authentication of what is connected to their networks.
One way to solve IoT security is through Artificial Intelligence (AI). Avesta Hojjati, Head of R&D at DigiCert, explains that AI is “one to watch” for the future of IoT security. “We’re still figuring out what we want from the IoT, what data we’re going to let it collect and with what level of autonomy they’re going to use that collected data,” he says. “It is from that perspective that it makes sense to adopt security practices that can learn and grow with it.”
Hojjati says that AI can be used to spot vulnerabilities and patterns such as outdated operating systems, default passwords, vulnerable libraries, or a lack of authentication, encryption and signing. Over time, AI can learn to predict the likelihood of an attack on a device.
On top of that, we also will see more and more connected devices in the next several years, especially with the advent of 5G networks. 5G is not just for smartphones; in the future we’ll see more connected cars, connected medical devices and smart cities.
Our use of connected devices will only continue to increase, which enhances our need to protect them now. As individuals and organizations do their part to protect their devices, the connected world can continue to evolve and become a little safer for everyone.