Intelligent CIO Europe Issue 11 | Page 38

EDITOR’S QUESTION

The challenge of securing IoT

From 2016 to 2017, the number of IoT attacks increased from roughly 6,000 to 50,000 – a 600% rise in a single year. IoT device adoption – both consumer and industrial – is growing exponentially and like all attacks, IoT incidents are unpredictable and can potentially cause tremendous damage.

In the Mirai botnet DDoS attack, for example, users hadn’t changed the default passwords of hundreds of thousands of older webcams, DVRs and routers – an all too common reality. Armed with malicious code, hackers targeted out-of-date Linux kernel versions in the devices and then flooded one of the largest DNS providers with traffic. Systems overloaded and failed, taking down numerous websites, including Etsy, GitHub, Netflix, Spotify and Twitter.

According to New York Times reports from intelligence officials and technology companies, this year state-sponsored Russian hackers appear far more interested in disrupting the US electricity grid. As IoT adoption continues, the risk of a potentially life-threatening infrastructure attack – such as power grids, gas lines and hospitals – becomes all the more likely.

Reviewing the IoT risk

Securing IoT is a complex and extensive challenge. IoT devices are deployed over a wide attack surface and contain numerous threat vectors, including authentication and authorisation, software, device threats, network threats and OS level vulnerabilities. And while many innovative IoT use cases are being deployed, a general lack of standards poses a growing threat.

When adopting IoT, enterprises are often not implementing the security governance, policies and compliance required to do so safely. Compounding the problem, many IoT devices aren’t part of a rigorous patch or upgrade routine, leaving them open to security vulnerabilities.

It’s vital that any enterprise implementing an IoT project undertakes a detailed review of the potential strategies for attack, including identity compromise, device vulnerabilities, unprotected patches or upgrades and ‘man-in-the-middle’ attacks.

The first step in securing IoT devices is to view them as assets or entities that are open to attacks in multiple ways. It’s essential to understand IoT device baseline behaviour to be able to identify deviations from established patterns. This enables you to pinpoint rogue activities, such as insider threats for obtaining compromised credentials, accessing sensitive data and lateral movement within the network.

Because IoT is a hyper-connected and hyper-distributed collection of resources, there are many behaviours that need to be monitored to keep connected IoT devices in check. Profiling the authorised person(s) who accesses each IoT device can also provide important data on its valid use and overall health.

If a ‘credentialed identity’ connects through an IoT device to a database server for the first time, being able to identify such activity in real-time can stop an intruder in their tracks. Remember, most complex threats involve both users and assets. Enterprises implementing IoT need to ensure they have the capability to easily pivot and follow the progression of a security incident – no matter where it reaches their network.
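The baseline check described above (a credentialed identity reaching a database server through an IoT device for the first time) can be sketched as a first-seen detector. This is an added example, not code from the article; the event format, identity names, device names, addresses and severity labels are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed events: (time, identity, iot_device, destination, destination_role).
# Every name and address here is made up for this example.
BASELINE = [
    ("2024-01-01T08:00", "svc-hvac", "thermostat-12", "10.0.5.20", "telemetry"),
    ("2024-01-01T08:05", "j.smith", "camera-03", "10.0.5.30", "video-store"),
    ("2024-01-02T08:00", "svc-hvac", "thermostat-12", "10.0.5.20", "telemetry"),
]
LIVE = [
    ("2024-01-08T01:00", "svc-hvac", "thermostat-12", "10.0.5.20", "telemetry"),
    ("2024-01-08T02:13", "j.smith", "camera-03", "10.0.9.10", "database"),
    ("2024-01-08T02:20", "j.smith", "camera-03", "10.0.9.10", "database"),
    ("2024-01-08T03:00", "k.lee", "thermostat-12", "10.0.5.20", "telemetry"),
]

class FirstSeenDetector:
    """Flags identity/device/destination combinations absent from the baseline."""

    def __init__(self, baseline):
        self.identities = defaultdict(set)    # device -> identities seen on it
        self.destinations = defaultdict(set)  # (identity, device) -> destinations
        self.reported = set()                 # suppresses repeat alerts
        for _, identity, device, dest, _ in baseline:
            self.identities[device].add(identity)
            self.destinations[(identity, device)].add(dest)

    def check(self, event):
        ts, identity, device, dest, role = event
        if identity not in self.identities.get(device, set()):
            reason = "new-identity-on-device"
        elif dest not in self.destinations[(identity, device)]:
            reason = "first-connection-to-destination"
        else:
            return None  # matches established behaviour
        key = (identity, device, dest)
        if key in self.reported:
            return None
        # Deduplicate without folding unreviewed activity into the baseline.
        self.reported.add(key)
        # A first-time path to a database server is the case the article singles out.
        severity = "high" if role == "database" else "medium"
        return {"time": ts, "identity": identity, "device": device,
                "destination": dest, "reason": reason, "severity": severity}

def run(baseline, live):
    detector = FirstSeenDetector(baseline)
    return [alert for alert in map(detector.check, live) if alert]

if __name__ == "__main__":
    for alert in run(BASELINE, LIVE):
        print(alert)
```

Alerted activity is deliberately kept out of the baseline so that an intruder's first connection does not become "normal" before an analyst has reviewed it.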