In November 2016, the National Institute of Standards and Technology released Special Publication 800-160. This document constitutes NIST’s approach to securing internet-enabled devices from malware and cyberattacks. The so-called Internet of Things represents a massive economic opportunity for many businesses, but it also represents another front in the war against cyber criminals.
A Quick Release Of Special Publication 800-160 Due To The Dyn Attack
NIST has been developing Special Publication 800-160 for over four years. It sought advice and expertise from some of the world’s leading developers and experts in the field of internet-connected devices. The Institute released the document earlier than intended as a result of the October 21st attack on Dyn, Inc, which included the utilization of many internet-connected devices infected with malware to help perpetuate a massive distributed denial of service (DDoS) attack.
Why Is This Special Publication Special?
The NIST document generally focuses on engineering standards and principles focused on a product’s full life cycle to secure the Internet of Things moving forward. It is two hundred and fifty seven pages with a lot of dense technical jargon aimed at programming professionals.
The document helps highlight a number of activities these professionals can take to help create a safer world for internet enabled devices. Yet this does little to protect businesses in the near future. Companies increasingly spend large amounts of money ensuring their networks cannot suffer breaches from phishing scams or the like, but this may not matter if the smart TV in the conference room isn’t set up securely.
Why You Need To Be Worried About Smart Devices And The IOT At Your Business
This concern becomes even more pressing when one considers what access to a Smart TV in a business conference room might mean to a cybercriminal. Does the Smart TV have a camera? Does it have a microphone? If so, a hacker could use a breached TV to listen in on important corporate meetings and business proposals discussing sensitive information and trade secrets. Access to a printer could mean access to all the data sent to that printer - in other words every piece of information that your company has printed.
Taking Steps To Secure Your IOT Devices
Still, there are a number of steps companies can take in the short term to avoid criminals using IoT devices to gain access to their networks.
- One simple step people can take is changing factory default passwords for every device that connects to the internet. This doesn’t just include routers anymore. It also means thermostats and printers.
- Some experts also suggest establish multiple secure networks so that smart devices are all one network, segmented away from the computers and the smartphones.
At its heart though, most basic aspects of Internet of Things security for modern businesses simply mean expanding the scope of their current cybersecurity processes to include devices they may not have thought of previously.
Increasingly, technological advancements threaten traditional notions of managing security. Failing to stay up to date with new vulnerabilities will leave companies exposed to unforeseen threats. Businesses must stay up to date to stay safe.