Millions of IoT devices lack adequate security controls and are therefore exposed to cyber attacks. Security fears are paramount in both enterprise and consumer minds; a study from Metova in June found that while 85% of consumers polled would like to monitor utility usage in real-time through IoT devices, full understanding of the term was still required.
The top 10 security strategies are:
- Changing or updating default passwords over a period of time: According to Thytoctic, 80% of all cyber security attacks involve a weak or stolen password. Changing your password regularly reduces your risk of exposure and avoids a number of dangers.
- Maintaining separate corporate network from vendor-managed and unmanaged IoT devices: Whenever possible, separate the corporate network from vendor-managed and unmanaged IoT devices. This might include HVAC systems, security cameras, temperature control devices, electronic signage, smart televisions, media centers, security DVRs and NVRs, network-connected clocks, and network-connected lighting. Use VLANs to separate and keep track of various IoT devices on the network. Lastly, apply an Access Control List, or ACL, to VLANs or network access ports whenever possible to limit communication to the least amount that is required for device operation.
- Preventing IoT devices from communicating outside the organisation unless it is extremely important: Many devices run archaic operating systems and many embedded operating systems can be used to reach out to command-and-control locations. Systems can be compromised during the manufacturing process. While it’s impossible to completely eliminate an IoT security threat, businesses can prevent IoT devices from communicating outside of the organization unless absolutely necessary.
- Businesses can put control to limit the number of vendors that are being granted remote access to IoT devices: To improve IoT security, businesses can put controls in place to limit the number of vendors granted remote access to IoT devices. Access can be limited to those individuals performing tasks under the supervision of knowledgeable employees, which might include access through remote hands, such as WebEx. When remote access is absolutely necessary, ensure those vendors use the same solutions as would in-house personnel.
- Implementing a NAC solution to improve IoT security by detecting maximum devices and identifying suspicious connections to the network: A NAC solution with proper switch and wireless integrations can help an organization improve IoT security by detecting most devices and identifying rogue connections to the network. It can also apply controls to the devices that are not authorized or granted merely limited access to the network.
- Implementing vulnerability scanners provided by commercial vendors help identify the types of devices connected to a network: Vulnerability scanners from commercial vendors are effective in detecting the types of devices connected to a network and are, thus, useful tools for organizations looking to enhance their IoT security.
- Running an IDS and IPS on the network to detect malicious network traffic, which saves an IoT device from being compromised: While continually running an IDS or IPS on the network will not detect all malicious network traffic, it can offer a good indication when an IoT device has been compromised should it traverse the IDS/IPS.
- Ensure proper management of all IoT devices: Proper device management includes both patch management at the local device level along with enterprise-wide inventory management. Inventory management will ensure remotely managed devices are cataloged, with records in place detailing registration, configuration, authentication, and other pertinent device data.
- Restrict internal and external port communication on firewalls: To elevate IoT security, Cyber Security Services also recommends that companies prevent outbound communication unless that communication is specifically required.
- Remove unsupported operating systems, applications, and devices from the network: To improve IoT security, conduct an inventory that reveals which operating system a device might be running.
In a survey of 232 healthcare security decision-makers, 50% of the respondents cited IT network as the most prominent vulnerable spot within healthcare organisations, followed by 45% of the mobile devices and accompanying apps and 42% IoT devices.
