Internet of Things (IoT) devices shape the digital infrastructure of companies in diverse industries from manufacturing to healthcare. The benefits of Internet-connected sensors, actuators, and the data they provide are well-understood. However, the rapid growth of IoT infrastructure and its unique attack surface makes IoT security an important challenge to address. This article takes a look at the current state of IoT security and offers some actionable best practices to make connected businesses more secure.
Kaspersky reported that IoT cyberattacks doubled during the first half of 2021 compared to the same period in 2020. Threat actors continually adjust their tactics to focus on potential areas of weakness in security postures—they know how difficult it is to keep up with the explosive volume of IoT device growth and stay secure. Here are some of the trends shaping the current IoT security landscape.
Personal IoT Devices on Corporate Networks
Personal smart devices continue to expand the IoT attack surface. With many employees retaining a hybrid work arrangement, these domestic IoT devices are connecting to corporate networks. One survey found 78 percent of IT decision-makers reported an increase in non-business IoT devices on corporate networks.
Threat actors that compromise weak IoT security in personal devices can control those devices and attempt to access personal laptops and desktop workstations connected to corporate networks. Heart rate monitors, smart lightbulbs and coffee machines are just a few examples of the internet-connected appliances people use in their homes.
These shadow IoT devices are a huge security threat because organizations don’t have visibility into them and employees don’t necessarily consider their security implications while working from home. As 2022 unfolds, expect shadow IoT to pose security hazards for organizations in many different industries.
Mirai Variants Causing Damage
In 2016, the Mirai malware emerged and wreaked havoc for some of the largest organizations in the world by creating a botnet of internet-connected printers, IP cameras and baby monitors. Services including Amazon, Twitter and Reddit were disrupted from DDoS attacks that used this botnet.
Almost six years later, Mirai variants continue to emerge and attack businesses. The original developers released the malware’s codebase for anyone to use, which has led to the creation of damaging variants. Typically, for-profit adversaries use Mirai variants to create large botnets or even steal sensitive data from compromised IoT devices.
The IoT vulnerabilities exploited by Mirai variants target insecure operating systems, memory corruption exploits, and weak or improper authentication. The more devices added to a botnet, the more powerful it becomes. As more sensors and actuators connect to corporate networks, expect variants of Mirai to continue targeting unsecured devices.
Increased IT-OT Convergence
The threat of industrial IoT cyberattacks keeps many security leaders awake at night. Operational downtime in industries such as automotive and manufacturing is extremely costly. In recent years, many organizations prioritized greater convergence between IT and OT (operational technology) systems as part of their digital transformation plans.
IoT sensors and actuators on plant floors increasingly create “smart” operational systems. Data flows from these industrial systems via IoT devices to the IT network, where analysts dissect the data and attempt to glean insights that improve efficiency, increase automation or reduce costs. IoT is the link that converges IT and OT, and any security flaws in a network’s architecture bring huge risks to operations.
If IT and OT aren’t converged with security as the top priority, cyberattacks can proliferate from IT systems through IoT devices and into the OT environment. Once a threat actor gains control of operational equipment, all bets are off the table in terms of what can happen. From operational tweaks that affect end products to complete production halts, IT-OT convergence is critical to address from a security standpoint and it starts with effective IoT security.
The complexities introduced by IoT devices can make securing your environment feel like an overwhelming challenge. IoT security doesn’t need to be too complicated; you can prevent many threats with some of the following simple and effective best practices.
Change Default Passwords and Credentials
Arguably the biggest IoT security threats stem from the most glaring weakness—keeping default credentials on devices. The advice to change passwords and default credentials might sound trite or obvious, but it’s critical for effective security.
Threat actors often use freely available scanners to look for any IoT devices on the web that use default usernames and passwords. These credentials are typically supplied by vendors, and when they’re not changed, you can end up in a world of trouble.
Compromising default IoT passwords is low-hanging fruit for today’s opportunistic cybercriminals. Once they have access to and control over an IoT device, adversaries can install malware, exfiltrate data or engage in any number of other malicious activities.
Prioritize Asset Inventory and Tracking
Effective IoT security starts with knowing exactly what’s connected to your network. Discovering these devices manually is a challenge, but there are solutions available to assist you. Having an asset inventory lets you create a profile of what connected devices are in your environment, what they can do, and what type of operating systems and software they’re running.
It’s important to also track your IoT devices and quickly flag potential security weakness. These weaknesses might include default credentials or outdated operating systems that need a critical security patch applied to them.
Use a Segmented Network Architecture
Proper network segmentation is imperative for robust IoT security. A best practice is to use tightly controlled security zones that securely separate and filter traffic and workloads between IoT devices and IT devices to prevent lateral movement.
Segmented network architecture is also critical to address threats introduced by increased IT-OT convergence. Ideally, organizations should use an industrial demilitarized zone (iDMZ) to mitigate security risks from attacks on IT environments propagating into operational technologies.
Monitor, Detect and Respond
Relying on reactive approaches to security incidents no longer suffices in dealing with today’s complicated IoT threats. A proactive approach uses constant threat monitoring and rapid incident response to thwart attacks in their tracks before they inflict damage.
Continuous monitoring helps understand and analyze the behavior of IoT devices on your network and their workloads. Using this behavioral data, you can detect and respond to in-progress security incidents much faster.
24/7 monitoring, detection and response are important functions for IoT security, but not every organization has the resources to dedicate exclusively to these capabilities. Nuspire’s managed detection and response (MDR) boosts cybersecurity efficiency with a team of security experts on-hand to proactively monitor your environment, escalate incidents and provide clear remediation steps.
Contact us today to learn more about securing your network, endpoints and cloud to safeguard your business from the risks of IoT.