Threats to IoT Infrastructure
The rise of the Internet of Things (IoT) and growing deployment of IoT devices in the workplace can be extremely beneficial to businesses – whether it’s to improve operational efficiencies or enhance the customer experience. But the introduction of more endpoint sensors and devices that collect and share data also expands the potential cyber and physical attack surface in a way that can leave your organization infinitely more vulnerable from a security perspective. In a recent study on global megatrends in cybersecurity, 82% of IT practitioners were worried about data breaches caused by unsecured IoT devices in their organizations, and 80% reported that those breaches would be extremely damaging to their organizations.
Enterprise and consumer awareness of security risks posed by IoT has not slowed the adoption of connected devices. The fact that CXOs are more focused on network and traditional device security is not lost on hackers eyeing an opportunity to exploit IoT edge devices as gateways for corrupting the system.
According to Kaspersky Lab, many IoT devices, such as video surveillance systems, have been used in the past to gain access to organizations. Not only can hackers use these types of devices to gain entry to networks and release mass random infections into IT and OT systems, but they can also be used as vulnerable points for the release of ransomware. One building’s smart systems could be used in a ransomware attack, for example.
The Difficulties in Protecting IoT Infrastructure
Many companies know the risks associated with using IoT infrastructure, but it can be difficult to defend against the threats these technologies pose. One reason is that the challenges associated with Internet-connected devices necessitate a different security approach than do traditional IT environments and data.
The main difference is that securing these devices involves people and relies on good education for all employees – not just IT security professionals. The trick is to educate employees to the risks associated with IoT devices, and to communicate why it is important to prioritize security over convenience. This can pose another difficulty for many IT departments: hiring and training security talent able to communicate with employees and educating them about their risk. In a field that is already experiencing a dearth of available talent, it can be difficult to find employees who can secure both systems and networks and IoT devices.
What Your Organization Can Do
There are several ways that your business can guard against the threat posed by IoT-enabled devices. One such way is to create a network for IoT devices that is firewalled and monitored separately. That way, if one device is attacked, it is less likely to bring down your enterprise network.
Another effective approach is using multi-factor authentication for your business network. Devices with a user interface can typically be set up to include multi-factor. This drastically reduces the risk that a hacker can gain access to the network using just one IoT device.
SLAIT also recommends using Endpoint Detection and Response tools to identify any out of the ordinary behavior and thwart security threats before they infect the network. SLAIT offers clients a ThreatManage service which includes this type of monitoring, so you can guard against IoT infrastructure threats.