Managing the Risk of the Internet of Things
Sound cyber security practices minimize risk from IoT devices.
Gartner estimates 8.4 billion Internet of Things (IoT) devices are connected worldwide today, up 31 percent from 2016 and expected to reach 20.4 billion by 2020. While 63 percent of IoT applications are created for consumers, enterprise security professionals should be mindful of the security implications of IoT devices. Forrester soberly warns that more than a half-million IoT devices will be compromised this year – a potential impact more significant than many headline-grabbing attacks, including Heartbleed.
A nascent, lucrative IoT market has spurred a rush to innovate and secure the first-to-market advantage. Unfortunately, developers sometimes forgo essential security features, leaving IoT devices and users at risk. Further, the lack of established standards for these devices makes security management an even bigger challenge. To overcome these challenges and demystify the IoT, the National Institute of Standards and Technology (NIST) released Special Publication 800-183. Additionally, the following sound cyber security practices can be applied to a risk management strategy to address risk from IoT devices.
- Take Inventory – IoT devices may not resemble a “tech” device or initially fall under the purview of the IT department. Nevertheless, IT must have a thorough inventory of the entire environment to manage risk. Engage operations and the line of business to get a complete view of IoT devices connected to the network.
- Change Default Settings – the majority of documented IoT-based breaches take advantage of default device settings that were never changed. Update the password and user name on every device.
- Build an IoT Plan – build a specific security plan for IoT devices, including properly trained staff who have knowledge of the latest attacks and remediations. Ensure the IoT security plan includes a proven disaster recovery process.
- Segment the Network – isolate IoT devices on their own network. Keeping IoT devices separate from sensitive data and systems can help thwart lateral movement in the event of a breach and enable faster containment.
- Educate Employees – given the immaturity of IoT technology, ensure security personnel receive the latest training. Everyone should be educated on the risks of IoT, especially if an organization liberally allows employees to bring their own devices.
TalaTek can strengthen your risk and security policies and procedures. Contact us to learn how we can help you apply a sound information security strategy across your organization, including IoT. You can reach us at firstname.lastname@example.org