Addressing the IoT Security Challenge

5th November 2019

Chani Agarwal, Pre-Sales Engineer for Rahi Systems, discusses the security challenges facing IoT, and how businesses can safeguard themselves against the possible threat of a cyberattack

The Internet of Things is already transforming entire industries and bringing an array of benefits to organisations of all sizes. However, the devices that comprise the IoT have notoriously weak security, creating a massive attack surface to be exploited by malicious actors. Security has typically been an afterthought, but organisations need to put procedures and controls in place to reduce the risk of a cyberattack.

An IoT device can be anything with a unique ID that is attached to the network, and the number of IoT devices has been growing on a very large scale. One research estimates that by 2025 there will be about 75 billion devices connected to the Internet.

The sheer size of the IoT makes security a big challenge. The traditional IT environment, including computers, networking devices and the like, typically includes hundreds, maybe thousands of devices. Enterprise initiatives can increase quickly in scale to include hundreds of thousands of devices. These devices generate huge volumes of data that is distributed across the environment from the edge to the cloud.

Startup Spotlight: Amplitude, the digital optimisation unicorn
Trending
Startup Spotlight: Amplitude, the digital optimisation unicorn


How secure are IoT devices?

Internet of Things devices are also much more diverse than traditional IT devices, and there are very few standards in place for managing and securing them. Security controls typically aren’t implemented on the Internet of Things devices themselves because of limited battery life. Also, IoT devices don’t have a lot of computing power, so they can’t provide encryption and other security services.

In light of these challenges, organisations should adopt a layered approach to IoT security. As an initial step, organisations need to safeguard IoT devices from external attack. This requires a firewall with IoT-specific protocols and Layer 7 application signatures. Additionally, network segmentation should be used to prevent the lateral proliferation of threats.

IoT devices should be monitored for anomalous behaviour. Organisations should collect and analyse log files using a security information and event management (SIEM) solution.

Advanced threat prevention (ATP) is also essential. Because IoT devices lack security controls, hackers are able to find vulnerabilities and attack the devices with unknown malware, so-called zero-day attacks. The 2016 distributed denial of service (DDoS) attack on DNS provider Dyn is probably the most famous example. The attack leveraged a huge botnet of IP video cameras, residential routers and other consumer IoT devices that had been infected with the Mirai malware. The attack took down major websites, including Amazon, Netflix, Twitter and the New York Times.

READ MORE: Why Today’s Global Businesses Need a Cloud-Delivered Firewall Solution


There are many other forms of advanced malware that exploit Internet of Things devices to form botnets, and signature-based malware detection is ineffective against these threats. The Juniper Sky Advanced Threat Protection solution combines cloud-based threat detection with the SRX NGFW to identify and block zero-day attacks. It also employs a sandbox where malware is detonated in a contained environment and patented machine learning capabilities that analyze and adapt to the malware.

Many enterprises that implement Internet of Things applications try to move security features toward the network edge. A better approach is to have end-to-end, pervasive security, after all the network is only as strong as its weakest link. If someone can hack into an IoT device (as innocent as your “smart” coffee machine or Smart TV), odds are high that they can hack into the entire network. In addition, the data generated by the IoT is going to be omnipresent, so security will need to be everywhere.

Most important, IoT security should not be an afterthought. If you’re planning an Internet of Things initiative, it’s crucial you look for assistance in developing a security strategy and implementing the right processes and tools.

Rahi Systems delivers a suite of solutions and services that optimises the cost, performance, scalability, manageability and efficiency of today’s integrated environment.

We think you'll like:

Chani Agarwal

Chani Agarwal is a network presales engineer for Rahi Systems. Chani has also worked as a business process analyst focused on audit and risk management for IT.

Quick Commerce and the Retail Media Revolution

Sue Azari • 11th June 2025

Quick commerce has transformed the way consumers shop, redefining convenience with near-instant delivery of groceries, meals, and household essentials. However, beyond its impact on logistics and e-commerce, quick commerce is now emerging as a major force in digital advertising. As consumer behaviours shift toward on-demand purchases, these platforms are leveraging their vast first-party data and...

Is It Time for a VMware Alternative?

Wind River • 22nd May 2025

Companies have options when it comes to replacing VMware as their cloud platform, to address rising costs, support concerns, and a shrinking partner ecosystem. If you are ready to contemplate a different vendor, here are five reasons why Wind River Cloud Platform should be on your short list of VMware alternatives.

AI Leads as VivaTech Unveils Top 100 Startups

Viva Technology • 14th May 2025

Viva Technology has unveiled the first edition of its “Top 100 Rising European Startups for 2025,” spotlighting the most promising young companies shaping Europe’s tech future. Germany, France, and the UK lead the ranking, which highlights high-growth startups across 13 countries. Artificial intelligence dominates the list, with 15 companies spanning AI agents, models, and infrastructure....

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...