Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

When It Comes to IoT Security, Consistency Is Key

Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations.

Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations. With Gartner projecting the number of connected devices to reach 20 billion by 2020, even a small percentage of infected devices could present a major security threat to broader systems and networks.   

While IoT standards are emerging, they are as fragmented as the IoT marketplace itself. Such a wide variance in the types of devices, use cases and applications being developed has made IoT security challenging for organizations to address. The majority of IoT devices are low-power and low-cost endpoints that have limited processing power and capabilities, making it infeasible to enact security capabilities on the devices themselves. And lacking consistent visibility into where information from these devices is flowing, where it resides and how to control it, the attack surface broadens, giving cyber attackers more opportunities to obtain and use sensitive information. This makes security within the environments where the controllers and IoT applications reside critical.   

As the IoT Cybersecurity Alliance recently highlighted in its examination of the current, complex state of IoT cybersecurity, the stakes are high – IoT initiatives will likely spread well beyond the IT function and affect many aspects of business, from the supply chain to the point of sale. So, given all of the challenges with IoT security, how can organizations protect themselves from the influx of insecure IoT devices traversing their networks? The key to enabling a successful security posture for IoT is consistency. Just as there should be consistency across network, endpoint and cloud security, there should be the same consistency in identification, prevention, policy and enforcement of that policy for IoT security. To achieve this, it is important to have:   

• Complete visibility across multiple locations and network domains in the IoT value chain – You cannot protect against threats you cannot see. Just like having full visibility into applications, content and users is the first step towards informed policy control on your network, the same concept applies to IoT. Additionally, new regulations and requirements are driving the need for businesses to have better visibility, meaning security across the board needs to be better at stopping attacks before they happen.  

• Natively Integrated Security Functions – Having a complex security environment with functions that cannot speak to one another has a negative impact on your operational efficiency, increasing costs and placing extra burden on your network defender teams. Ideally, you want natively integrated functions that work together, sharing consistent information to reduce your IoT threat footprint.  

• High levels of automation across these functions and locations in order to rapidly identify advanced attacks and ensure that new security enforcement mechanisms can be deployed in near-real time. – It is important that your security is highly automated to not only prevent known IoT attacks, but also provide you with the necessary analysis of permitted traffic flows to make unknown attacks known.  

Staying consistent in your approach to security ensures that you are doing your part to detect and stop advanced cyberthreats, and prevent networks and controller environments from device-initiated attacks.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products.

ICS/OT

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...