The explosive growth of Internet of Things (IoT) devices, projected to reach 18 billion by 2022, has created a massive new attack surface for organizations of all sizes.
Considered by some to be the number one attack vector, the wide range of IoT devices on a company network can be problematic for many reasons. These devices come in all shapes and sizes and are designed to fill a wide variety of functions, but due to this ubiquity, they often have complex connectivity or use less secure and more outdated protocols for connecting to local networks and the internet.
IoT devices also commonly suffer from poor configuration management, meaning it’s not always easy to manage, upgrade and maintain these devices across the network. Some of these devices do not even support enterprise-level security or authentication, making them a significant enterprise vulnerability.
The lack of security and standards around IoT devices have made businesses that have them deployed less secure and more vulnerable to malicious attacks. Even industries such as banking, healthcare and critical infrastructure can be left exposed by IoT devices.
For example, the Marai botnet attack breached over 1.2 million IoT devices with a DDoS attack, which took down a large portion of the internet service by generating overwhelming traffic. What’s more, cyber attacks are projected to cost the world $6 trillion annually by 2021, and nearly one-third of data breaches involve small- to medium-sized businesses.
IoT Defense: Reduce Common Vulnerabilities
Effectively securing these IoT devices and the networks where they live requires a comprehensive approach to cybersecurity. The NIST Cybersecurity Framework defines a risk management approach that includes steps to Identify, Protect and Detect threats to your network, which puts you in a much better position to Respond and Recover.
Because of the unique vulnerabilities introduced by IoT devices, separating corporate information technology networks from Operational Technology (OT) networks is an important consideration to limit lateral movement across networks, should a device be compromised.
The ability to microsegment individual devices across the network enables isolation of malware proliferation. Minimizing privileges is another way to reduce the threat of these devices – only giving them the least amount of access and privileges that they need. IoT devices can have limited privileges, such as only being able to communicate over certain ports and protocols and only with certain endpoints.
No set of defenses will deter or deny all attacks; zero-day vulnerabilities will be a concern forever, and each business should tailor and adapt their defenses to the emerging IoT threat to protect priority assets. There are a set of basic cyber hygiene actions, however, that all businesses can employ to significantly increase the cost to attackers and help deter breaches.
For example, based on a detailed analysis of past threats, the Australian Cyber Security Centre developed the Essential 8, which are the cyber practices that most significantly reduce common vulnerabilities attackers are known to exploit.
The Essential 8 include four actions that can prevent malware running:
- Application whitelisting
- Patching applications
- Disabling untrusted Microsoft Office Macros
- Hardening user applications (e.g., blocking web browser access to Adobe flash player, web ads and untrusted Java code on the internet)
In addition to taking steps to stop malware from running, organizations should limit the extent of the consequences of incidents and facilitate protection of high-value data. Minimizing consequences can be accomplished by four actions:
- Restricting administrative privileges
- Patching operating systems
- Deploying and using multi-factor authentication
- Daily back-up of important data
Additionally, some security solutions can help you automate cyber hygiene and deter cyber attackers. Continue reading to learn more about those offerings.
IoT Solutions: Defend Against Cybersecurity Threats
Today’s sophisticated criminals require businesses to have an integrated approach to both physical and digital defense.
STANLEY Security is uniquely positioned in the industry as a trusted security provider by businesses, law enforcement and national security experts. We provide an integrated suite of physical security and cybersecurity products, expert maintenance and real-time monitoring to provide verified response for security professionals.
Learn more about two cybersecurity solutions that can help you defend against the threats posed by IoT devices:
- Safeguard Your Security with STANLEY IntelAssure™, Powered by Viakoo
One way of safeguarding cybersecurity and physical security is by integrating STANLEY IntelAssure with your security systems. This automated service assurance platform proactively manages these security systems to help prevent cyber breaches and minimize downtime that can lead to a loss of video surveillance footage. The tool provides automatic discovery of security devices, collects the important details and gives you a consolidated report that includes all of this information. It can also automate firmware updates, test device functionality, identify cybersecurity vulnerabilities, and more.
- Use Network Protection Powered by Cisco Meraki
Network Protection helps keep your networks, devices and data safe from daily cyber attacks. This advanced firewall solution protects your network from intrusion, malware, ransomware, phishing, malicious files and more – all of which can cost you money, stress and business downtime. The solution is WiFi-enabled and cloud-based, providing advanced threat protection for an entire network. The set-up process is easy and configured to your preferred specifications. Additionally, automated reporting gives you greater insight into your business.