Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

When It Comes to IoT Security, Consistency Is Key

Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations.

Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations. With Gartner projecting the number of connected devices to reach 20 billion by 2020, even a small percentage of infected devices could present a major security threat to broader systems and networks.   

While IoT standards are emerging, they are as fragmented as the IoT marketplace itself. Such a wide variance in the types of devices, use cases and applications being developed has made IoT security challenging for organizations to address. The majority of IoT devices are low-power and low-cost endpoints that have limited processing power and capabilities, making it infeasible to enact security capabilities on the devices themselves. And lacking consistent visibility into where information from these devices is flowing, where it resides and how to control it, the attack surface broadens, giving cyber attackers more opportunities to obtain and use sensitive information. This makes security within the environments where the controllers and IoT applications reside critical.   

As the IoT Cybersecurity Alliance recently highlighted in its examination of the current, complex state of IoT cybersecurity, the stakes are high – IoT initiatives will likely spread well beyond the IT function and affect many aspects of business, from the supply chain to the point of sale. So, given all of the challenges with IoT security, how can organizations protect themselves from the influx of insecure IoT devices traversing their networks? The key to enabling a successful security posture for IoT is consistency. Just as there should be consistency across network, endpoint and cloud security, there should be the same consistency in identification, prevention, policy and enforcement of that policy for IoT security. To achieve this, it is important to have:   

• Complete visibility across multiple locations and network domains in the IoT value chain – You cannot protect against threats you cannot see. Just like having full visibility into applications, content and users is the first step towards informed policy control on your network, the same concept applies to IoT. Additionally, new regulations and requirements are driving the need for businesses to have better visibility, meaning security across the board needs to be better at stopping attacks before they happen.  

• Natively Integrated Security Functions – Having a complex security environment with functions that cannot speak to one another has a negative impact on your operational efficiency, increasing costs and placing extra burden on your network defender teams. Ideally, you want natively integrated functions that work together, sharing consistent information to reduce your IoT threat footprint.  

• High levels of automation across these functions and locations in order to rapidly identify advanced attacks and ensure that new security enforcement mechanisms can be deployed in near-real time. – It is important that your security is highly automated to not only prevent known IoT attacks, but also provide you with the necessary analysis of permitted traffic flows to make unknown attacks known.  

Staying consistent in your approach to security ensures that you are doing your part to detect and stop advanced cyberthreats, and prevent networks and controller environments from device-initiated attacks.

Written By

Click to comment

Expert Insights

Related Content

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.

IoT Security

Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently...

IoT Security

A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start...

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...

Cybercrime

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal...