All types of smart devices can communicate with each other thanks to the Internet of Things. This creates great opportunities, but also entails security risks. Regardless of how secure you think your company is, one single insufficiently protected sensor may open the gates to your company. Should we ban the Internet of Things? Or can we embrace the technology responsibly? Kwinten Volckaert, Applications Manager at Nextel, and Bart Van den Branden, Business Development Manager at Telenet, demonstrate how to use the Internet of Things safely based on pitfalls and best practices during the Beltug X-change.
Kwinten Volckaert, Mobile Applications Manager at Nextel, and Bart Van den Branden, Business Development Manager IoT at Telenet
Fully automated access control to efficiently and quickly access your company website. A lot of companies would like to see this, but get a headache once they think about things going wrong with the security of the system. What if the barriers are hacked? Or the camera footage can be followed live through a shady website? Is sticking to the traditional system not more secure?
Digital ‘Lara’ for access control
Volys from the West-Flemish Lendelede had a different idea and thought it was time to introduce a digital transformation to the company. This specialist in bird products has grown rapidly in the last 10 years and now has over four-hundred employees. But this growth also had a major impact on its surroundings. An endless stream of customers and suppliers resulted in a lot of traffic problems.
To resolve this issues, Nextel developed a solution for Volys which grants access to persons and vehicles in a digital, controlled and secure manner. The system has now been used successfully for four months. External visitors must register in advance through the new digital colleague called ‘Lara’ to access the premises. Number plate recognition ensures that things go quickly and smoothly, making queues and traffic jams a thing of the past.
The Volys case demonstrates unambiguously how the Internet of Things can make operational processes a lot more efficient and simple. However, a lot of companies still refuse to implement the IoT. Because of a number of wild stories and nightmare scenarios, a lot of people still believe that the IoT is unsafe and will leak your data in no-time. Or that it will give cybercriminals the chance to access the gates to your company.
These stories require nuance. It is true that the IoT poses security risks. But a lot of damage can be prevented if you know where the pitfalls are. This is why we want to list the main risks below.
For a safe Internet of Things, we must take three major components of the IoT chain into account: the device, the network and the application.
Dump prices and ‘hack the device’
If you order a smart but cheap device online, you should be vigilant. Manufacturers that sell devices at ridiculously low prices often take security less seriously. It is safer to choose for certified devices from a supplier with a good relationship with the manufacturer, or from a manufacturer with a sound reputation.
Because the IoT is constantly developing, you often need a completely new device. It is important to estimate the corresponding risks in advance and hire an ethical hacker who checks the security for you. The hacker can, for example, check whether cybercriminals can send false information to the device and whether the Wi-Fi password is shared between the devices unsecured.
Last year, it was discovered that footage of thousands of security cameras from all over the world could be seen live on the Internet because they were not sufficiently secured. You could even look up the exact coordinates of the cameras, which not only opens your doors to cybercriminals, but also to thieves.
A strong network as the foundation
The security of your network must also be perfect. The current company Wi-Fi network can be easily and quickly reused to implement your IoT applications, but this makes it very easy for cybercriminals. If one device gets infected, it is easy to infect the others as well, harming a large part of your infrastructure. Since Mirai in 2006, where 600,000 IoT devices were infected and abused by malware to shut down part of the Internet, countless new versions have emerged.
This is why it is wiser to use an Operational Technology (OT) network or Virtual Private Network (VPN)/Access Point Name (APN). An OT network is used to divide the network into different virtual zones or segments that can trap a possible virus. VPN/APN creates a safe tunnel which encrypts data in such a way that any persons looking at them cannot know who sent the data package and where it is going.
Finally, there is the software or application: it requires strong security, as this is the most common way of breaking in. You can choose for a built-in application where the sensor is delivered with the platform for monitoring and management. But this will not give you any control over the data, or insight into where these are stored and who can access them. This is why you should choose for a custom development application, as part of which you create a custom solution. This may take more time, but it will be much clearer where your data are and who can access them. An even safer way is to work with a tailored approach using an existing template. You create a custom solution, but also use standard components with a history of extensive testing, which speeds up development.
You cannot stop or ignore the development of the Internet of Things. But it is clear that we should not underestimate its security. If you better understand the risks and pitfalls, you can better interpret the nightmare scenarios. Invest sufficiently in security and the knowledge of an expert. Compare it to the electricity grid or the gas connection in your home: you would not work on these without the necessary expertise.