Protecting all your IoT devices from criminals requires more than mere technology. Every employee must be security aware and trained on what do to when attacks occur.
According to Symantec's 2018 Internet Security Threat Report (ISTR), the total number of Internet of Things (IoT) attacks grew 600% between 2016 and 2017. Increasingly, criminals are using these attacks to install malicious cryptocurrency mining applications on computers and IoT devices. Detection of this niche form of cybersecurity attack increased 8,500% in the fourth quarter of 2017 alone.
In many respects, the current cryptocurrency craze is a modern reboot of the Gold Rush era some 150 years ago. The lure of a making a quick fortune by stealing CPU cycles from unsuspecting enterprises is driving cyberattacks and threatening security for organizations everywhere.
While new technology can be deployed to fight the onslaught of IoT attacks, it will not be enough to stop them all. Executives, managers, supervisors, and employees at all levels must not only be made aware of the situation, but they must also be proactive in combating criminal elements intent on making a quick buck by exploiting IoT.
SEE: Information security policy (Tech Pro Research)
Train your people
Traditional security training emphasizes programs and protocols like proper credentials, authorized access, and approved devices. With the widespread adoption of IoT, employees at all levels of the enterprise must now be made aware of an additional set of security vulnerabilities.
Devices once considered the domain of the IT department and only the IT department should now be considered part of every employee's security responsibility. This is a major change in focus for most enterprise personnel and is going to require significant changes to training.
SEE: 27 ways to reduce insider security threats (free TechRepublic PDF)
Any meaningful enterprise-level security awareness and training program must explain where caution must be exercised, identify the appropriate security policies and procedures, and lay out the consequences that can and will occur if the policies are not complied with in full. The only way to make every member of an organization truly accountable for cybersecurity in the age of IoT is by creating a well-informed and well-trained workforce.
TechRepublic's premium sister-site, Tech Pro Research, offers a policy your enterprise can use to help develop this well-informed, well-trained workforce. The Security Awareness and Training Policy establishes a practical framework you can use to tailor training. In the age of IoT, enterprises can't afford to be reactive to cybersecurity threats—the stakes are just too high.
- 97% of risk pros say IoT cyberattack would be 'catastrophic' for their business (TechRepublic)
- Why everyone, including small businesses, should be concerned about Russian attacks on IoT devices (TechRepublic)
- As IoT attacks increase 600% in one year, businesses need to up their security (TechRepublic)
- Enterprise IoT research: Uses, strategy, and security (Tech Pro Research)
- Before the IoT leap - Architectural principles, devices and data (ZDNet)
- Internet of Things (TechRepublic)