Top 10 Internet of Things cybersecurity threats and expert advice about how to fight back

IoT devices operating on radio frequency, a.k.a. Internet of Radios, are causing a new breed of security headaches. Tips for protecting against them.
By Bill Siwicki
01:01 PM

Seventy-eight percent of business professionals, including healthcare executives, believe the threat from the so-called Internet of Radios will increase in the next 12 months, according to a new study from Bastille Networks Internet Security, a vendor of enterprise threat detection technology and services.

The Internet of Radios is the collection of Internet of Things, mobile, medical and other devices that use radio frequency to communicate.

Bastille identified the following as the top 10 Internet of Radios security vulnerabilities, in order from top to bottom:

1. Rogue cell towers, also known as “stingrays” and “IMSI catchers”
2. Rogue Wi-Fi hotspots
3. Bluetooth data exfiltration (tethering)
4. Eavesdropping/surveillance devices (for example, conference room bugs)
5. Vulnerable wireless peripherals (mice/keyboards)
6. Unapproved cellular device presence
7. Unapproved wireless cameras
8. Vulnerable wireless building controls
9. Unapproved Internet of Things emitters
10. Vulnerable building alarm systems

“With the rise of mobile, wireless and IoT devices in the healthcare workplace, there’s a significant gap between security awareness and preparedness in the healthcare industry as many of these devices contain vulnerabilities that hackers can exploit and use as a portal for entry into a healthcare organization’s network,” Bastille CEO Chris Risley said. 

In fact, half of the 300 business professionals who responded to the survey indicated that Internet of Things devices are already impacting security.


So what can healthcare organizations do to bolster the security of devices that use radio frequency to communicate? Risley offered some suggestions.

Know your employees
“Healthcare organizations can begin by understanding employee behavior and the types of devices entering their offices that could pose a danger to network infrastructure,” he explained. “Large organizations with sensitive data want to know the movements of devices in their environment in order to get full situational awareness of all the activity in the radio frequency spectrum within their combined premises.”

Monitor devices in your airspace
Next, healthcare organizations should deploy technologies that offer visibility into Internet of Radios devices inside their organizational airspace, whether the devices are owned by the healthcare organization or brought in from the outside, Risley said.

“The only way to prevent these sorts of devices from being exploited is to continuously monitor hospitals and other healthcare facilities for radio-enabled devices that contain known vulnerabilities,” he added. “Only after a vulnerable device has been identified can it be patched.”

Learn from others
Several cyberattacks have recently been demonstrated against radio-enabled healthcare devices, Risley added. For example, one showed that there are vulnerabilities in the communication protocol used to control Johnson & Johnson Animas OneTouch Ping insulin pumps, he explained.

“The vulnerability allows hackers to remotely and surreptitiously control the amount of insulin that is delivered,” he added, “which presents a stark health hazard.” 


The HIMSS and Healthcare IT News Privacy & Security Forum in Boston takes place Dec. 5-7, 2016.