Being able to carry out these steps means organisations cannot blindly rely on alerts or endlessly scan devices.
The endless stream of content focusing on the insecurity of IoT devices has become mind-numbing. Since smart devices invaded the industry, there’s been several warning signs pointing to security imperfections. Though it wasn’t until the massive IoT-powered botnets, like Mirai, emerged that the conversation reached a tipping point.
As the industry became increasingly aware of the horrors lacking IoT security can generate – whether it’s taking down the internet, extortion-by-DDoS attacks, testing failures or anything in between many doomsayers have tested our resolve to react.
With the right procedures in place, businesses can both take advantage of these internet-connected tools and secure them at the same time. Though many are still in the dark when it comes to understanding what these procedures and next steps look like. By addressing some real-world actions that can be taken to prepare organisations can start putting some proactive security measures in place.
Have a Policy
It’s alarming to think about the number of organisations with poor or underdeveloped policies regarding IoT. Many are not even aware of the impact IoT devices have on their networks. But the IoT is inescapable; if an organisation thinks it’s immune, it’s wrong.
On the bright side, developing and structuring a policy doesn’t have to be that difficult. The first step can be to limit the IoT devices allowed on your networks to enterprise-specific vendors that take security seriously and offer service level agreements for security patches. Further, simple steps like asset inventory and management, timely update cycles, changing default configurations, and vendor security assessments can go a long way to help get a strong IoT policy off the ground.
Don’t Fight Blindly
Visibility into an organisation’s network is paramount for a strong security posture. Whether it be delivering a structured training course to enhancing staffing skills around IoT or upgrading technology, it can be difficult to get an unobstructed view amid the constant flux caused by connected devices. While smart devices offer benefits like automation and data collection, they are also often hard to single out on a given network—especially devices with low computing power. Not to mention the confusion that can be caused by personal devices (e.g. smartphones, tablets, wearables) that constantly go on and off the network throughout the day.
This can all be changed with comprehensive solutions that allow for real-time traffic visibility, inline traffic inspection, granular policy control and even bandwidth control. As networks increasingly become more complex, blind spots need to be eliminated.
Apply Smart Segmentation Strategies
This rule applies to most situations. If it’s too much to handle at once, break it up into smaller pieces. The same goes for securing IoT devices. Once the right visibility tools are in place, large networks can and should be broken down. Anything touching the network should be segmented by type, purpose or vendor. More than just knowing that a device is on the network, organisations need to have tight control over where they are, what they’re doing and who they’re communicating with. If the general classification rules don’t apply, focus on authorisation. Devices should never be trusted unless authorised.
For even more sensitive assets, consider adding a complete air gap for these devices. Splitting networks is not enough for complete protection if they still interface with critical services. Instead, consider putting these devices into complete isolation so they cannot be used as another attack surface.
What If It’s Too Late?
It’s always going to be easier for criminals to find one weak spot and point of entry than it will be for organisations across all industries to protect their many assets. If an IoT compromise does occur and there’s no cyber response policy in place, the best course of action is to understand the scope of the threat and work to contain it. This may require taking all devices offline. Where possible, time should also be taken to reverse engineer any new IoT-targeted malware to improve the team’s chance of developing better defences for the future.
The remediation process should involve re-flashing the hardware, reconfiguring settings, and updating the software. Ultimately, the business must contain any issues and prevent them from jumping from an endpoint to more critical parts of a network.
Being able to carry out these steps means organisations cannot blindly rely on alerts or endlessly scan devices. Instead, they need to have a plan of action in place supported by smart IoT purchasing, clear network visibility and segmentation. Now is the time to act.