Intelligent CIO North America Issue 14 | Page 26

TRENDING
Who is being targeted ?
The top three nations targeted by IoT attacks were Ireland ( 48 %), the United States ( 32 %) and China ( 14 %). The majority of compromised IoT devices , nearly 90 %, were observed sending data back to servers in one of three countries : China ( 56 %), the United States ( 19 %) or India ( 14 %).
How can organizations protect themselves ?
As the list of ‘ smart ’ devices out in the world grows on a daily basis , it ’ s almost impossible to keep them from entering your organization .
Rather than trying to eliminate shadow IT , IT teams should enact access policies that keep these devices from serving as open doors to the most sensitive business data and applications . These policies and strategies can be employed whether or not IT teams ( or other employees ) are on-premises . ThreatLabz recommends the following tips to mitigate the threat of IoT malware , both on managed and BYOD devices :
• Gain visibility into all your network devices . Deploy solutions able to review and analyze network logs to understand all devices communicating across your network and what they do .
• Change all default passwords . Password control may not always be possible , but a basic first step for deploying corporate-owned IoT devices should be to update passwords and deploy twofactor authentication .
• Update and patch regularly . Many industriesparticularly manufacturing and healthcare-rely on IoT devices for their day-to-day workflows . Make sure you stay apprised of any new vulnerabilities that are discovered and that you keep device security up-to-date with the latest patches .
• Implement a zero trust security architecture . Enforce strict policies for your corporate assets so that users and devices can access only what they need , and only after authentication . Restrict communication to relevant IPs , ASNs and ports needed for external access . Unsanctioned IoT devices that require Internet access should go through traffic inspection and be blocked from all corporate data , ideally through a proxy . The only way to stop shadow IoT devices from posing a threat to corporate networks is to eliminate implicit-trust policies and tightly control access to sensitive data using dynamic identity-based authentication – also known as zero trust . p
26 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com