https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Sponsor Content

Barracuda February MSSP Blog Image

IoT Security: A Winning Strategy for MSSPs

  • Written by Barracuda MSP Guest Blogger
  • March 1, 2019
Don’t let your clients’ IoT initiatives make them vulnerable to cyber attacks.

The rapid growth of the Internet of Things (IoT) has vastly expanded cybercriminals’ attack vector options. Millions of connected devices — many of them lacking basic security features or that are deployed using default passwords — have provided new gateways into networks around the world, in homes and businesses alike.

In 2016, a large-scale Mirai botnet DDoS (distributed denial of service) attack was launched. This attack was partly enabled by poorly protected CCTV cameras that were connected to the internet. It took down a significant chunk of Internet access on the east coast of the United States.

To rush items to market, many manufacturers (particularly on the consumer side) configure devices with weak (or no) security credentials. To demonstrate the nature of these threats, Barracuda Labs recently conducted tests on an IoT security camera.

Cyber criminals can leverage vulnerabilities in the web and mobile applications used by IoT devices to acquire credentials, which can be used to control the device or read account information. Attackers can also use those credentials to load their firmware and repurpose a connected device to attack other devices on the network.

These attacks rely on functionality that allows users to share device access to the connected camera with other users. As a result, the devices can be compromised without any direct connection to the device itself.

There have been some efforts to legislate improved security in IoT devices. Congress introduced the Internet of Things Cybersecurity Improvement Act of 2017 to set standards for IoT devices sold to the federal government. The bill includes requirements for patches and updates, password coding, and other features. Unfortunately, it never became law — it’s still in review.

California, meanwhile, has passed an IoT cybersecurity law that goes into effect in 2020, requiring manufacturers to equip devices with “reasonable” security features. Additionally, IoT devices that are outside of a local area network must be configured with a ‎unique password or allow the user to generate a new ‎means of authentication before using it.

A Multi-faceted Security Problem

Passwords are only part of the problem. Since legislation and standards are still in development and many IoT devices come from a variety of different countries and manufacturers, MSSPs will need to protect their customers by helping them “harden” their IoT investments.

Since clients may be deploying these solutions on their own or with other providers, it’s vital to conduct a review and have a conversation about how connected devices can impact security. After that, there are a few additional strategies that can help:

  • IoT requires a network-level security and enforcement approach since many connected devices don’t have the computing power or space to deploy endpoint security. There are a large number of connected devices that may not be immediately recognizable on the network. Network-level security can help nail down enforcement across the entire ecosystem.
  • Can the IoT device retain data? Some don’t have that kind of memory capacity, but others do. Make sure your customers understand that, and, if necessary, create policies to make device data anonymous or reduce its storage lifespan. Also, ensure that data collected via IoT devices can be securely stored in a way that is compliant with emerging regulations like GDPR in Europe or PIPEDA (Personal Information Protection and Electronic Documents Act) in Canada.
  • IoT devices generate a lot of data. Leverage artificial intelligence and machine learning to help trigger security responses based on device behaviors. The data can be used to help train these neural networks and improve their performance over time.
  • Include IoT devices in update and patch procedures and routines, and make sure connected devices are protected by security policies and strong encryption. Also, make sure passwords and credentials can be changed upon installation and regularly updated.
  • Consider segregating IoT devices on a separate network.
  • Pay attention to routers and firewalls. Many IoT attacks start at the router or quickly find their way there.
  • Encourage clients to work only with vendors that take security seriously. Low-cost hardware from overseas manufactures is notoriously vulnerable to cyberattacks. Select vendors that understand the threat and can detail exactly how their devices are protected.
  • Develop a contingency plan in case IoT devices (like a network of security cameras, for example) are pulled into a DDoS or similar attack. That plan should involve not only quarantining affected devices but also protocols for operating without them once they go offline.

Your clients may already have IoT-enabled devices on their networks, and the number of devices will only increase moving forward. By taking a proactive approach to including IoT devices in your security program, MSSPs can play an instrumental role in educating clients, preventing network breaches and providing better service.

 Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

This guest blog is part of a Channel Futures sponsorship.

Tags: MSPs Business of Security From the Industry Intelligence IoT MSSP Insider Security Barracuda MSP Sponsor Content

Most Recent


  • ransomware attacks
    Survey: Backups Are Prime Targets for Ransomware Attacks, Most Remain Exposed
    Veeam’s 2023 Ransomware Trends Report shows many pay ransom but don’t always recover.
  • call for speakers
    Channel Futures Leadership Summit Call for Speakers Open
    Speaker applications for “The New Style of Leadership” are open until July 3.
  • Faces of the Partner
    Faces of the Partner: 6 New Tech Advisors Entering the Channel
    A significant portion of the partner community is retiring. Who will replace them?
  • Kasten K10 V 6.0
    Veeam Previews Enhanced Kubernetes Protection, Security with Kasten K10 V 6.0
    Veeam showcased forthcoming release at the annual VeeamON conference in Miami.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • The words "how to" on a book sitting on a table.
    The Smarter MSP’s Guide to Ransomware
  • email-phishing-conceptual-weerapatkiatdumrongthinkstock_0.jpg
    Social media and email phishing: How to protect financial information from fraudsters
  • Barracdua MSSPInsiders Blog Image
    Tips for Launching an Actionable Cloud Security Framework
  • Barracuda January Blog Image
    Using AI to Protect Your Customers’ Inboxes

Upcoming Events

View all

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Galleries

View all

Survey: Backups Are Prime Targets for Ransomware Attacks, Most Remain Exposed

May 26, 2023

Faces of the Partner: 6 New Tech Advisors Entering the Channel

May 26, 2023

Broadcom-VMware, Alibaba Cloud, Red Hat, Google Cloud: A Hefty Roundup

May 24, 2023

Industry Perspectives

View all

Dell Technologies World: Dell Apex Expanded Across On-Premises, Cloud and Edge

May 22, 2023

Identity Is Increasingly Valuable – and Targeted

May 18, 2023

Gaining a Competitive Advantage through AV Managed Services

May 10, 2023

Webinars

View all

From Problem to Profit: Mastering the Science of Selling Using Business Outcomes

May 9, 2023

Meet the 2023 Channel Futures Channel Influencers

April 13, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode No. 123: MartinWolf M&A Advisors, CP Expo Preview

UScellular Takes On Rivals with Partner Program Simplicity

April 21, 2023

OpenText Simplifying Deal Registration, Doubling Down on MDF

April 21, 2023

Everything-as-a-Service: CloudBlue Touts Critical Customer Transition

April 18, 2023

Twitter

ChannelFutures

Who has been a diversity, equity & inclusion role model in your career? Take a moment to honor their initiatives in… twitter.com/i/web/status/1…

May 29, 2023
ChannelFutures

Paul Green @msp_voice will help MSPs gain more #customers and #sales at @ChannelEurop June 13.… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

.@coalesceIO unveils revamped partner program. #datatransformation dlvr.it/SphJm4 https://t.co/s7fYAVmFGD

May 26, 2023
ChannelFutures

.@Veeam #Ransomeware survey: backups are not adequately protected, 85% suffered at least 1 attack in past year… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

.@MSPSummit call for speakers is open now through July 3. The theme for this year’s summit is “The New Style of Lea… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/SpgV6l https://t.co/JXKhJcw31A

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/SpgTQg https://t.co/7eIp0XgwQ2

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/Spg7JZ https://t.co/ETaeFysCYO

May 26, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X