The IoT is not a conventional IT system and this makes it harder to secure. Read on to learn why securing IoT systems is a challenge…
Connecting digital devices in IoT systems always carries security and privacy risk. If data within the Internet of Things (IoT) is not secured properly, it puts the organization’s reputation in jeopardy. The greater threat, though, is that an attacker could take over the functionality of poorly secured devices. In the US, unpatched MRI machines and infusion pumps connected to IoT are vulnerable to malware, and a compromised infusion pump could administer a lethal dose of medicine. Hackers gaining control of medical devices such as pacemakers and insulin pumps could prove fatal, creating a life-or-death scenario. It’s these factors that make IoT systems more challenging to secure than conventional IT systems.
The answer to these concerns is to practice security and privacy by design, not as an afterthought. When developing IoT technologies, security is the key ingredient of any system, and IoT manufacturers need to think about it from the very beginning rather than wait and treat security as an add-on.
When it comes to securing IoT, the problem is that there are so many different players behind an IoT solution, and none of them view security as a shared responsibility. The issue with IoT devices is that they have little security and are virtually unsecured. They typically don’t run standard operating systems that support the commonly used security tools, or they just don’t have enough memory for them. In the conventional security sphere, there’s an entire industry of life-cycle-management software that tracks, patches and rolls back buggy software. In the IoT world, the challenges of security patch management are much more complex than we thought. Many devices also lack the ability to apply firmware updates, making it almost impossible to patch security vulnerabilities as they are discovered in the wild.
It’s rare that manufacturers offer security updates or patches, and most IT security teams find it very difficult to keep up with these patches. Existing enterprise security tools that monitor device state don’t work on IoT-based devices within the network, as they have no visibility into these IoT devices. None of the standard layers of cybersecurity, from firewalls to endpoint security, can provide adequate protection for IoT within the network.
Two verticals in which securing IoT systems has been challenging are the manufacturing and healthcare sectors. These sectors have broad exposure to the increased security risks brought by unprotected IoT devices. Manufacturing process control requires a plethora of IoT devices. These can include smart water meters, sensors to measure flow rates, viscosity, temperatures, pressure, and much more. Factory assembly lines depend on feedback and measurement from a myriad of devices, many of which are wirelessly connected.
In the healthcare sector, the list of IoT devices is growing at an exponential rate in the US and EU countries. Diagnostic laboratory equipment, a multitude of sensors within intensive care, activity trackers for cancer treatment, pacemakers, insulin delivery systems, coagulation testing, advanced patient monitoring, RFID tags on pharmaceuticals, portable x-ray machines, blood analyzers, and much more all depend on IoT devices.
Securing IoT Devices
Best security practices and the technologies that support them offer expanded capabilities to secure IoT devices in your networks. One of the most powerful new strategies is network segmentation. Micro-segmentation is placed inline to all enclave traffic within your networks. It substantially reduces east-west traffic, i.e. lateral movement within the networks. Micro-segmentation allows you to assign policies to all devices and users in your networks that define who is allowed to talk to whom and which resources may be accessed. These security policies are based on user, port, and IP address, and they bring automation that allows their use across the largest enterprise. Micro-segmentation stops cyber-attackers from being able to utilize IoT devices either as ‘slaves’ in a botnet or as backdoors for other forms of sophisticated attack.
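As an added illustration (not code from this article or from any segmentation product), the following Python example evaluates a default-deny micro-segmentation policy keyed on user, port, and IP address, and lists the flows it would block. The segment names, address ranges, user names, and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segments: names and CIDR ranges are illustrative assumptions.
SEGMENTS = {
    "infusion-pumps": ipaddress.ip_network("10.20.1.0/24"),
    "pump-gateway": ipaddress.ip_network("10.20.2.0/28"),
    "clinical-workstations": ipaddress.ip_network("10.30.0.0/24"),
}

# Allow-list of (user, source segment, destination segment, port); "*" = any user.
# Anything not listed is denied, including device-to-device traffic inside a segment.
POLICY = {
    ("*", "infusion-pumps", "pump-gateway", 8883),                  # telemetry (MQTT over TLS)
    ("biomed-eng", "clinical-workstations", "infusion-pumps", 443),  # maintenance access
}

def segment_of(ip):
    """Map an IP address to its segment name, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(user, src_ip, dst_ip, port):
    """Default deny: a flow passes only if an allow-list entry matches it exactly."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown endpoints never match a rule
    return any((u, src, dst, port) in POLICY for u in ("*", user))

def denied_flows(flows):
    return [f for f in flows if not is_allowed(*f)]

# Constructed flow records: (user, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("device", "10.20.1.15", "10.20.2.3", 8883),     # pump -> gateway: allowed
    ("device", "10.20.1.15", "10.20.1.40", 23),      # pump -> pump (east-west): denied
    ("biomed-eng", "10.30.0.8", "10.20.1.15", 443),  # engineer -> pump: allowed
    ("nurse", "10.30.0.9", "10.20.1.15", 443),       # wrong user for this path: denied
    ("device", "10.20.1.15", "203.0.113.7", 443),    # pump -> unknown external: denied
]

if __name__ == "__main__":
    for flow in denied_flows(SAMPLE_FLOWS):
        print("DENY", flow)
```

The denied pump-to-pump flow is the lateral movement the policy is meant to stop: a compromised device can still reach its gateway on the one permitted port, but not its neighbours.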
Micro-segmentation can also be combined with new technologies, such as Moving Target Cyber-defense (MTD) that can further reduce the attack surface available. While segmentation reduces attack surface, cyber-attackers are still able to perform reconnaissance and steal actionable network information for attack planning purposes. MTD stops all adversary reconnaissance from compromised endpoints or insider threats. If they cannot see it, they cannot find it, and this places another blanket of protection around IoT devices. IP addresses for IoT devices are obscured and effectively invisible to attackers. This works to protect all the unsecured legacy IoT devices that are already installed within your networks.
Both segmentation and moving target cyber-defense can be added to your current defense strategy to enable you to substantially reduce the risk of your IoT devices being compromised. These new technologies enable you to protect your current installed base of IoT devices and to accommodate almost any variety of IoT devices that you need to add to your networks in the future.