IoT is vulnerable to ransomware attacks and the mitigation of such threats is just not a necessity but a priority. Let’s have a look at some of the basic steps to mitigate such threats…
Ransomware has been for a while and it is inevitable that ransomware operators will target the Internet of Things with ransomware, because connected devices provide a huge opportunity for them to launch attacks. It’s unfortunate that IoT based ransomware is not being given the high priority, or not being looked at from the right perspective. Enterprises should understand that negating security in IoT systems would not only mean financial loss but it could also lead to loss of life as well!
The current rate at which the security vulnerabilities existing in Internet of Things devices that can be exploited provides a whole new frontier for ransomware writers. The IoT ransomware model is fundamentally distinct from the conventional malware threats and hence it needs out-of-the-box solution.
Today, the reality is that the security threats posed by IoT devices through ransomware are real and it is the onus of CIOs/CISOs/CTOs to implement the security measures. Despite various security challenges in IoT system, they are here to stay provided the Industry formulate various security standards to deploy them.
Best Security Practices
The IoT providers should create and follow minimum security standards. To secure the end-points, one can formulate security policies and standards such as using the two-factor or multi-factor authentication in IoT based systems. The IoT providers should also create a new user profile for the device administrator.
The security assessment from the network aspect in a IoT system is also crucial and the evaluator should ensure that unused ports are closed and disable unused services that are not necessary to the end-users. In order to secure the IoT network system and devices, cloud-ready firewalls which has the capability to secure machine-to-machine connectivity in IoT should be considered.
One of the common security challenge in IoT is the need for firmware updation by applying security patches to various types of IoT devices from multiple vendors. Rather than waiting to apply the patches after the attack of ransomware in IoT based systems, it is always recommended that they are always updated periodically. The reality is that there are no simple ways to apply patches to all devices in an IoT system.
Maintaining multiple backups is crucial in the event of recovering critical data from a ransomware attack.
Last but not the least is that one should document the list of approved devices and all default and custom configurations of the IoT devices and organize the inventory the network.
The Road Ahead
The million dollar question is what’s next for the ransomware? Well, as I see it — the cyber threats that are developing across the globe will be ransomware-as-a-service and ransomware targeting the smart devices such as smartphones, tabs and other devices. Meanwhile, the current trend in non-commercial space of ransomware attacks targeting connected devices such as smart TVs and fitness trackers will continue. This is a harsh reminder to what ransomware threat poses to the end-users of IoT in consumer space!
As time progresses, ransomware which targets IoT devices will continue to evolve as ransomware developers are ever ready to exploit and mount new attacks by working to find fresh vulnerabilities. Hence, it is high time that governments along with global and local Industry vendors, retailers, and users, work together to minimize the ransomware attacks caused by insecure IoT devices.