EDITOR’S QUESTION

The challenge of securing IoT

From 2016 to 2017, the number of IoT attacks increased from roughly 6,000 to 50,000 – a 600% rise in a single year. IoT device adoption – both consumer and industrial – is growing exponentially and, like all attacks, IoT incidents are unpredictable and can potentially cause tremendous damage.

In the Mirai botnet DDoS attack, for example, users hadn’t changed the default passwords of hundreds of thousands of older webcams, DVRs and routers – an all-too-common reality. Armed with malicious code, hackers targeted out-of-date Linux kernel versions in the devices and then flooded one of the largest DNS providers with traffic. Systems overloaded and failed, taking down numerous websites, including Etsy, GitHub, Netflix, Spotify and Twitter.

According to New York Times reports from intelligence officials and technology companies, this year state-sponsored Russian hackers appear far more interested in disrupting the US electricity grid. As IoT adoption continues, the risk of a potentially life-threatening attack on infrastructure – such as power grids, gas lines and hospitals – becomes all the more likely.

Reviewing the IoT risk

Securing IoT is a complex and extensive challenge. IoT devices are deployed over a wide attack surface and contain numerous threat vectors, including authentication and authorisation, software, device threats, network threats and OS-level vulnerabilities.

And while many innovative IoT use cases are being deployed, a general lack of standards poses a growing threat. When adopting IoT, enterprises are often not implementing the security governance, policies and compliance required to do so safely. Compounding the problem, many IoT devices aren’t part of a rigorous patch or upgrade routine, leaving them open to security vulnerabilities.

It’s vital that any enterprise implementing an IoT project undertakes a detailed review of the potential strategies for attack, including identity compromise, device vulnerabilities, unprotected patches or upgrades and ‘man-in-the-middle’ attacks.

The first step in securing IoT devices is to view them as assets or entities that are open to attacks in multiple ways. It’s essential to understand IoT device baseline behaviour to be able to identify deviations from established patterns. This enables you to pinpoint rogue activities, such as insider threats aimed at obtaining compromised credentials, access to sensitive data and lateral movement within the network.

Because IoT is a hyper-connected and hyper-distributed collection of resources, there are many behaviours that need to be monitored to keep connected IoT devices in check. Profiling the authorised person(s) who access each IoT device can also provide important data on its valid use and overall health. If a ‘credentialed identity’ connects through an IoT device to a database server for the first time, being able to identify such activity in real time can stop an intruder in their tracks.
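
The first-time-access check described above, sketched as an added example that is not part of the original article: a baseline of who uses each device and where each device connects is learned first, then each new connection is compared against it. The event fields, identities, device names and hosts are all constructed assumptions.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts identity device dest")  # assumed log record shape

class FirstSeenDetector:
    """Learns per-device and per-identity behaviour, then flags first-time activity."""
    def __init__(self):
        self.device_users = {}    # device -> identities that have used it
        self.device_dests = {}    # device -> hosts it has connected to
        self.identity_dests = {}  # identity -> hosts reached through any device

    def learn(self, ev):
        self.device_users.setdefault(ev.device, set()).add(ev.identity)
        self.device_dests.setdefault(ev.device, set()).add(ev.dest)
        self.identity_dests.setdefault(ev.identity, set()).add(ev.dest)

    def check(self, ev):
        # Returns the reasons this event deviates from the baseline (empty if none).
        reasons = []
        if ev.device not in self.device_dests:
            reasons.append("unknown device")
        else:
            if ev.identity not in self.device_users[ev.device]:
                reasons.append("new identity on device")
            if ev.dest not in self.device_dests[ev.device]:
                reasons.append("new destination for device")
        if ev.dest not in self.identity_dests.get(ev.identity, set()):
            reasons.append("new destination for identity")
        return reasons

def detect(baseline_events, live_events):
    det = FirstSeenDetector()
    for ev in baseline_events:
        det.learn(ev)
    alerts = []
    for ev in live_events:
        reasons = det.check(ev)
        if reasons:
            alerts.append((ev, reasons))  # held for triage, not added to the baseline
        else:
            det.learn(ev)
    return alerts

# Constructed sample data (hypothetical identities, devices and hosts).
BASELINE = [Event("2024-03-01T08:00", "svc-cam", "cam-07", "nvr-01"),
            Event("2024-03-01T08:05", "alice", "cam-07", "nvr-01"),
            Event("2024-03-02T09:00", "bob", "hvac-02", "bms-01")]
LIVE = [Event("2024-03-09T10:00", "alice", "cam-07", "nvr-01"),  # matches baseline
        Event("2024-03-09T10:02", "alice", "cam-07", "db-01"),   # first database access
        Event("2024-03-09T10:05", "bob", "cam-07", "nvr-01")]    # bob never used cam-07
```

Calling `detect(BASELINE, LIVE)` returns the two deviating connections with their reasons; flagged events are deliberately not learned, so a repeat of the same access alerts again until someone approves it.
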
Remember, most complex threats involve both users and assets. Enterprises implementing IoT need to ensure they have the capability to easily pivot and follow the progression of a security incident – no matter where it reaches their network.
www.intelligentcio.com