Our personal information is accessed by a host of embedded systems, take these steps to secure it.
Understand Your Exposure
One of the first steps to ensuring that your data remains secure is understanding just how connected you are to the world around you. In addition to the smartphone that never leaves your side and your desktop or laptop computer, there are hundreds of other points of contact with embedded systems connected to a network. Let’s walk through the average day in the life of a "connected" person.
Waking up in the morning you check the activity monitor on your wrist to see how well you slept last night, and then head downstairs for breakfast. On your way to work you ask your car for directions to the nearest coffee shop and also instruct it to text your boss that you are going to be late for that 9 am meeting. While out to lunch with some coworkers, you pay for your meal with a tap of your phone. As you unwind later that night, you tell your smart home assistant to play your favorite music and turn the temperature up to a comfortable 72 degrees.
At each of these points during the day you are unwittingly giving one of your most precious assets, your data, to a service with unknown and unproven security. This implicit trust is what gets a lot of people into hot water. There is no possible way you can check each and every time you give your data to a person or service, but understanding the scope of your exposure is the first step to ensuring your information stays safe. As an exercise, try going through a day being as aware as you can of each time you come into contact with a system that tracks you or captures your data. As Dover’s CEO Jothy Rosenberg likes to say, “Trust, but verify.” This should be your attitude towards connected systems. Whenever possible, know where your data is going and what is being done with it.
Implement Security Best Practices
Knowing your points of exposure is great, but won’t do any good unless you take measures to secure them. Here are some simple security best practices you can implement to help keep access points closed to would be attackers:
1. Implement Dual-Factor Authentication (DFA) In 2018 there is no excuse to not implement dual-factor authentication on all services where this extra level of security is offered. In a recent study, only 28% of respondents said they used DFA. Implementing DFA ensures that if an attacker gains the password to one of your accounts, there will be an additional layer of security protecting your information (that is, the attacker knows only one of your two authentication factors).
2. Choose a Strong Password Yes, this means you can’t use the name of your dog, your birthday, or worst of all “password.” Security experts like Brian Krebs recommend that you create a password that is a combination of numbers, letters, and symbols. Equally important is making sure that your passwords do not contain any sensitive information, like a social security number or the name of a family member. Store all passwords in a safe place, either on physical paper or an encrypted drive. Password managers can also be a handy and effective way to make sure all of your login information is stored in one encrypted location.
3. Patch and Update Your Connected Devices Regularly Another simple method to maintain the security of your connected world is to make sure all of your gadgets are updated and patched. Apart from providing new features, updates often come with a collection of safety patches that the device or software manufacturer has implemented to fix bugs and protect against known exploits. It is important to stay on top of updates and patches because as new security vulnerabilities are discovered, new patches need to be developed and applied.
Addressing the Problem at Its Core
Connected device security is all about seeing the big picture and realizing the facts about the modern IoT landscape.
Fact 1: Everyday we are interacting with a plethora of embedded systems that both capture and share our data.
Fact 2: Implementing a set of security best practices is the first step towards ensuring that our data does not fall into the wrong hands, but it is still not enough.
Fact 3: Today’s cybersecurity solutions are not working and only increase vulnerability by adding another layer of inherently flawed software. If we want to nip the problem of connected device security in the bud, we must address security at the core.
Modern day processors are all flawed due to their common architecture that was developed nearly 75 years ago. They blindly execute instructions, even if those instructions were exploited or are unsafe for some other reason; today's processors simply don't know the difference between good and bad instructions. Software-only security solutions are also inadequate to protect against attacks as they are adding another layer of software with bugs. We are left with a situation where a processor cannot protect itself and the software that is meant to protect the system is actually just making it more vulnerable.
It is time for our processors to gain the ability to provide a level of built-in security—to be able to differentiate good and instructions from bad, and to block any bad instructions from executing. While the recommended best practices above are great steps to take in the short term, the final step to connected device security is to integrate security into the processors embedded in our cars, homes, medical devices, and all sorts of other critical systems. In the digital age where information is worth its weight in gold and we universally depend on connected devices, we can no longer delay establishing security in silicon.
Learn more about how Dover’s CoreGuard and how it works to protect the embedded devices of today.