In the year 2019, we witnessed a widespread adoption of the Internet of Things, or IoT. More homes and businesses are now equipped with IoT devices than ever before.
As a result of this widespread adoption, there were many predictions for what would happen with the IoT for the year 2020. However, few people, if any, foresaw Microsoft’s buyout of CyberX.
Despite the advances in IoT over the years, problems such as scalability, visibility, and managing security on current IoT devices (or brownfield devices) remains a major issue.
Microsoft’s takeover of CyberX aims to resolve two of the above problems. In this article, we will discuss the potential impact of this acquisition. We’ll also dive into how the acquisition may help companies to better understand their risks and how to mitigate them.
What Does Microsoft’s Acquisition of CyberX Mean?
Microsoft has shown a long-term commitment to the IoT. In 2018, the company announced a $5 billion investment into the sector. Now the company is taking things one step further with its purchase of CyberX
CyberX’s solution will work alongside Microsoft’s Azure IoT product. For those not familiar with Azure, it incorporates numerous features, including the ability to secure connections and protect cloud storage solutions commonly used in homes.
This is vitally important, especially because most personal home media cloud storage services are really NAS devices (network attached storage), and are intrinsically more vulnerable that cloud servers that are kept in secure data facilities.
But what specifically does the acquisition mean for users? Among other things, it increases visibility, which is a major hurdle with many newer technologies. Microsoft’s acquisition aims to overcome this.
Microsoft has stated that the purchase of CyberX allows customers to view their current IoT assets. In addition, CyberX customers can access a digital map of thousands of devices either throughout the factory floor or within a company.
With this level of visibility available to them, businesses can get a clear picture of their risks and then act to mitigate them. However, there are other benefits too. With access to this information, companies can start taking the first steps toward smart manufacturing and smart grids.
How Microsoft’s Integration with CyberX Can Help Businesses Mitigate Against Security Issues
Besides providing much-needed visibility, CyberX mitigates security problems in several ways including:
- Giving users a risk score along with suggestions on how to fix potential problems.
- Providing continuous monitoring, and issuing real-time alerts to users to suspicious behavior, which may suggest a security compromise.
- Protecting IoT devices through its built-in quarantine and firewall options.
Nir Giller, CyberX co-founder and CTO, argued that the IoT and cloud are driving the shift towards zero trust strategies and “requires a holistic understanding of what devices are connected and how they’re communicating…so you can quickly detect and mitigate attacks before they impact your organization.”
Common Attacks on IoT Devices
No one should underestimate the importance of securing IoT devices. A report by the Irdeto Global Connected Industries Cybersecurity Survey described IoT cyberattacks as the ‘new normal’.
Indeed, research shows these attacks are rising at a massive rate. IoT attacks increased by 300% in 2019 over 2018, and those attacks have only increased further in the months since then.
It’s been predicted by experts that most of the billions of IoT devices installed in the coming years will have limited security controls and be open to other forms of abuse. Attempts to compromise devices can often go unnoticed because of the lack of network monitoring and IoT users need to develop their awareness of increasing threats.
For instance, ransomware has long been an issue with websites and computers, but the IoT is increasingly becoming a target as well. This is a problem that is likely to continue as it becomes a more prominent part of work and home life.
Other types of attacks include:
- Brute forcing passwords: brute-forcing is possible because many IoT devices have weak passwords.
- Denial of service attacks(DoS): These attacks force websites down and potentially steal data.
- Botnets: these run silently on a system. Hackers control botnets and their use can lead to DOS attacks.
- Data and identity theft: the theft of sensitive data kept on computers and other servers. Identify theft refers to the illegal use of another person’s personal information.
- Man in the middle attacks: a malicious party may intercept personal messages and attempt to steal data.
- Firmware hijacking: when an individual gets into the firmware and injects malicious code.
- Privilege escalation: the exploitation of an operating system, once an unauthorized person has access, they can gain access to protected areas of a system.
How to Protect Your IoT Devices
There is no guaranteed way of fully protecting your IoT devices. However, there are several steps users can take to better secure them to severely mitigate the risk of a cyberattack. The first and arguably most important is installing a Virtual Private Network, or VPN.
This is because the best VPNs use a specific form of encryption which allows secure data to be sent through IoT (often called the “edge”), thus giving a network additional robustness and guarding against data theft. A VPN will also shield IP addresses, potentially preventing DDoS attacks, and encrypt all traffic sent between a user’s device and their network.
Additional measures that you can take to protect your IoT devices as well include:
- Keep passwords updated and change them regularly. If there is a suspected breach, change the password immediately. If the device comes with a default password, be sure to change it.
- Update devices. Do this by checking for firmware and software updates for new patches.
- Only buy IoT devices from established sellers and manufacturers.
- Be prepared to spend more. Although some IoT users might want to limit their budget, the higher-priced devices tend to have additional features that may provide extra security.
- Ensure the device complies with the U.S. government’s IoT Cybersecurity Act. Introduced in 2017, the act details measures IoT devices must have to protect them from attack. This includes allowing IoT users the ability to patch up their systems and not selling devices with known flaws.
- Limit opportunities for hackers by switching the device off when it is not in use and keeping business and personal devices separate.
The IoT has brought us many innovations. Without it, new innovations and partnerships in commerce and retail may not have been possible. However, security has remained a challenge, and Microsoft’s purchase of CyberX aims to rectify this.
As well as bringing multiple security benefits such as constant monitoring and improved visibility, there is plenty more to be gained from Microsoft’s new collaboration. For instance, the acquisition may mean better resilience for Microsoft’s data centers and protect vital infrastructure.
While the success of Microsoft’s purchase remains to be seen, it is likely to depend on several factors, including the company’s ability to integrate CyberX into its current offerings.