The IoT (Internet of Things) is gathering increasing investment and resource allocation attention from enterprises. In the last couple of years, the adoption of IoT has grown significantly. However, despite a sustained discussion around IoT security, little has moved on the ground with businesses still relying on archaic frameworks and IT-oriented approaches to secure their IoT deployments. If IoT cybersecurity is not addressed on an immediate basis, the risks associated with IoT deployments will grow exponentially with the rapid growth in IoT devices.
So what can be done?
To begin with, let us understand why IoT security has become a challenge for enterprises. In IoT deployments, hackers typically target data at rest and motion in addition to the connected devices and user credentials for remotely hijacking connected assets. After the onset of the ongoing pandemic, many new IoT devices were added with varying levels of security and in many cases without conducting vulnerability scans.
Device patches and updates in many instances were either deployed late or were not deployed at all for fear of device malfunction as no personnel were available for addressing any glitches that would have popped up because of the patching or application of updates. The existence of default passwords that remain unchanged for years after unboxing compounds the problem.
Highjacked devices could be turned into bots that operate as part of large botnets globally to target other digital and critical infrastructure assets. They could also be used for listening to your data traffic or for other nefarious objectives.
IoT security should ideally start from the basics:
- Avoid default passwords
- All devices should be procured from trusted manufacturers only and before procurement, have a discussion with them about security
- Applying patches and updates should be made mandatory
- Check if the devices can be customized to a very high level. This will make it harder for hackers to insert a digital twin into your network without being detected
- Establish a common governance model covering IT, OT and IoT along with separate tiers for each tech
- In case of converged environments, have a well-defined policy and controls (including responsibilities) in place to manage converged security
- Have a breach notification policy in place that covers maximum stakeholders
- Policy violations should be reported and addressed and evidence conserved for the maximum duration of time
- Align with the most stringent standards and regulations build upward compliance flexibility to comply with emerging IoT security standards as they emerge
- Build awareness
Sectrio is a leading IoT and OT cybersecurity vendor with solutions, threat intelligence, consulting, and SoC services on offer for various verticals.
See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.
Get access to enriched IoT-focused cyber threat intelligence for free for 15 days
Download our CISO IoT and OT security handbook