The field of IoT continues to proliferate at a mass scale across both consumer and commercial use. With endless IoT device applications, the industry has been relaunched into an era of automated toasters, remotely controllable washing machines, simplified retrofit of centralized systems in property management, manufacturing, and even in finance. According to Securitytoday.com, In 2018, there were approximately 7 billion devices; as of 2019, there were well over 25 billion. This advancement and simplification, however, comes at a steep cost.
Companies quick to move may not have appropriate security controls implemented. Hackers have their sights set on new vulnerabilities with an ease of breach that hasn’t been seen in years. As the surge in attacks continues to grow, you should implement these four steps to safeguard your business.
Step 1: Discovery––Know What’s Connected
Identify all devices connected to your network. Unfortunately, it is far too easy for someone to connect an IoT device to your network and compromise your business. Frequent scans should be performed to not only identify but review the devices connected to your network. Start with a basic network/device diagram then ensure each device is supposed to be connected.
Your IT security provider should be able to assist in scanning and profiling devices. The worst mistake companies can make is believing once they have completed an assessment that they are secure. Implement a continuous process to review and assess your cybersecurity and ensure IoT is included in the review.
Step 2: Patching and Maintenance
What’s the Best Before Date?
An unpatched or out of maintenance computer, network device, or even website poses a serious security risk for businesses. IoT devices generally make use of all three of these. The software or hardware that controls the IoT, the operating system or PLC that runs the IoT device, or the web interface used to configure these devices all need to be patched, updated, and maintained.
Even something as simple as a smartwatch can compromise your network. Review the devices you have, assess the latest firmware/patches, and ensure your devices are updated often. A common recommendation is to monitor vendor and security related news to mitigate known security flaws and vulnerabilities. Out of maintenance products aren’t frequently patched or upgraded and can weaken your security.
Don’t let being on the latest firmware or patch lead you into a false sense of security. Review the patches, including what they resolve, what they break, and when they came out. When selecting IoT devices, review the product life cycle to ensure you choose a product that has frequent improvements and ensure the product has a strong return rate.
Step 3: Design and Deployment
Are Your Computer and IoT Devices on the Same Network?
Use the discovery from Step 1 to ensure you segregate your network and devices to minimize the impact of any breach. This will help with troubleshooting and performance and provide for a robust and scalable implementation. Connected networks should have VLANs implemented if physical separation is not possible. Minimize points of failure and entry points for hackers. It isn’t feasible to replace your network and consider a top gap in implementing intelligent routers to convert between VLANs. Ensure your network implements Access Control Lists, lockdowns, firewall rules, and policies that restrict and contain traffic and devices. These solutions don’t need to be expensive, just well planned.
Step 4: Active Monitoring––Protect Your Business
Implement an ongoing monitoring process and consider active alerting to notify you of unauthorized devices. Active monitoring can also be implemented to ensure your devices are patched and maintained. IoT devices are just like computers. They need constant and proactive scanning, malware protection, and a multi-layered approach to security.
With the ease of procurement and implementation, businesses are trading off their privacy and their security. For many, unfortunately, their businesses, as hackers and other malicious threats, target IoT devices and the networks they reside on.