Understanding The Threats That Come With The IoT
With a blurred line between home and business, what’s the true risk of connected devices?
According to Gartner, 8.4 billion connected “things” were in use last year. Although these devices bring convenience and ease, they also significantly expand the attack surface. Cyber criminals are already working out that they can manipulate the IoT for their purposes, and 2018 saw several attacks with IoT at the center. In 2019, it's undoubtedly time to start better understanding the risk these devices pose.
During the 2019 Cyber Security Digital Summit, COO for TraceSecurity Ryan Castle discussed how to understand the blurred lines between home and business. In other words, “What’s the risk of customers and employees using connected devices?”
First, Castle went over what exactly the IoT is: by definition, non-standard computing devices with connectivity to the internet. That could include sensors, household devices, smart home equipment and printers. Next, he explained what stays the same when it comes to security and connected devices, as well as the differences that can make it more challenging to determine the right security strategy. Some of those differences include:
- Longer lifespans: the lifespans of IoT devices tend to be longer than standard workstations and servers.
- Security patches for these devices are less frequent.
- Embedded software: these devices typically run an embedded OS and proprietary software, which are usually not patched, maintained or heavily reviewed for security.
So What Can The Enterprise Do?
Mitigating DDoS attacks with secure IoT endpoints and understanding and plugging the security gaps created by IoT were also topics of discussion for Castle. Finally, he closed out the session by letting attendees know what they can do about handling the threats that come with the IoT:
- Take inventory (knowing what you have is half the battle)
- Risk assessment
- Segmentation/segregation
- Password management
- Secure configuration
- Pen testing
- Incident response plan
- Partner
To find out more details around what the enterprise can do, listen to the full Digital Summit session on demand.