Challenges of Protecting a Connected EnvironmentBy Guest Author | Posted 2017-02-02 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Many connected products have weak security and controls, and that creates points of weakness in a user’s critical private networks, systems and data.
By David Britton
Every day millions of new things get connected online, including toasters, heart monitors, cars and even cows. That’s right, cows.
In the Netherlands farmers have connected their cows to the internet, giving them access to the 200 megabytes of data each cow generates every year. This data gives the farmers insight on the cow that they might not have known otherwise. For example, where the cow may be located at a moment in time, how the cow is behaving, and even the health of the cow.
This level of connectivity and insight certainly brings convenience to both businesses and consumers. It also, however, highlights the security challenges involved in protecting a connected environment that freely passes data between many different devices.
The world’s population is projected to be at almost 8 billion people by 2020, and much of that population will have several smart devices in the home. However, many of these connected products have weak security and controls, which create points of weakness in a user’s critical private networks, systems and data.
Complicating matters is that there is little or no consistency in how connected products actually connect to the internet. Products can be connected using WiFi, Bluetooth, RFID and so on—all of which have different connection technologies that could create points of weakness in users’ critical private networks, systems and data.
A seemingly non-critical device within the network of things, such as a simple fitness bracelet, can now be leveraged to gain access to other systems or more critical devices within the same connected network. Any good cyber-criminal knows that the best place to attack an entity is at the weakest point, and the internet of things is no exception. Cyber-criminals are creative and motivated. If they are persistent enough, they will find the vulnerability and get into the network through the IoT.
As more and more products are connected, the casual mindset about the security risks inherent in the IoT must begin to change. Working in the mindset that any product poses a significant potential for threat, here are some helpful guidelines.
1. Access to systems should require more than just credentials. Businesses should leverage cyber-intelligence and complex device recognition solutions to prevent unauthorized access.
2. Designate who has access to systems and clarify why they need it. It is also important to understand the normal access behavior of the individuals logging into these systems, so that when anomalies occur, immediate preventative action can be taken.
3. Clearly outline roles and responsibilities in terms of access monitoring. This can be segmented by factors such as channel or line of business.
4. Share intelligence across the consumer and enterprise side of your business. Many businesses have strong authentication requirements for their customers, but most data breach activity happens as the result of employee credentials being compromised and used to gain access.
5. Partner with providers that have been successfully solving the account takeover problem. The concerns and vulnerabilities of account takeover problems in the digital realm using fit-for-purpose technologies are similar to the concerns and vulnerabilities in the IoT world.
6. Apply robust privacy policies and practices. Doing so will ensure that the data you are collecting is actually required for the services you offer, and that the data collection practices are easily understood by the consumer.
7. Any collected data must be treated as highly sensitive information. It is important to note that even seemingly uninteresting data can be used by fraudsters to build robust and accurate stolen identities, which can be used for online impersonation, social engineering, phishing attacks and more.
To help consumers protect themselves against the risks and vulnerabilities regarding the internet of things, employ these tips to help limit your exposure to risk.
1. Make sure that the products and services you are purchasing and plugging in are from reputable companies.
2. Ensure that the providers of those products and services have clear privacy and data usage policies.
3. Be aware that the data from any smart device may make its way to third parties for a variety of purposes, and that there are not always standard policies across providers.
4. Make sure that any access to those systems is always closely guarded.
5. Be aware about IoT applications installed on a device and only download applications from the iTunes App Store or Google Play, rather than gray market app platforms. Apps that are downloaded should only be ones that are created by trusted entities.
The IoT future is here as it relates to online access to multiple devices, and there are massive benefits to society. But with those benefits comes accountability—both from businesses that develop and create connected devices and from the consumers who enjoy them.
Thoughtfully applying appropriate levels of holistic thinking will go a long way to ensure that the internet of things continues its rapid and exciting expansion.
David Britton is the vice president of industry solutions, fraud and identity, at Experian.