Do you remember the Mirai botnet attack?
If your enterprise had any online presence on October 12, 2016, then you most likely do—and with a shudder at that. The IoT botnet attack brought down huge parts of the Internet, especially on the east coast of the U.S.A. Thankfully, we haven’t seen an IoT botnet attack on the same scale since that fateful day, but enterprises are adding fuel to a potential fire by fostering the growing IoT market. According to a Ponemon study, 16,000 IoT devices connect to the average enterprise’s network every day.
That’s where IoT Endpoint Security Best Practices come in: to secure what seems on the surface inherently insecure.
The Context for IoT Endpoint Security
By definition, an IoT device refers to any non-computer electronic device that possesses processing power and an internet connection. Devices can include cameras, smart watches, routers, voice-activated assistant devices, etc.
The problem with these devices connecting to your enterprise’s network is that IoT devices most often run on firmware that is difficult, if not outright impossible, to patch. Additionally, if they come with administrative passwords, those passwords are usually incredibly easy to guess or crack. Consumer-facing IoT devices often have their specs and firmware published by manufacturers online, accessible to anyone and therefore easily reverse-engineered to reveal security vulnerabilities.
97% of enterprises, according to a Ponemon study, believe they will suffer a catastrophic IoT-related data breach in the near future. 81% of enterprises say that an unsecured IoT device will cause a data breach in their enterprise over the next two years.
Put another way, IoT devices are a growing attack surface in your enterprise’s IT environment. Yet it can be challenging to even evaluate how many IoT devices are connecting to your enterprise’s network. Only 45% of enterprise respondents to Ponemon believe it is possible for them to keep an inventory of all of their IoT devices. 88% cited the absence of a centralized control dashboard as the primary reason for this challenge.
IoT Endpoint Security Best Practices
To keep IoT devices from becoming an unguarded attack vector in your network, follow these IoT endpoint security best practices:
Initiate An Incident Response Plan
Prevention is a critical aspect of cybersecurity and endpoint security in particular, but the sad truth is that no system can protect against 100% of threats. When a threat does inevitably break through your preventative measures, you need to make sure that employees and IT security team members can recognize the threat and know what to do to contain it and alert relevant parties.
Deploy Only Appropriate IoT Devices
This may seem like an odd point to be included in a list of IoT endpoint security best practices, but it’s actually important to recognize that your own selection process is a factor in your security.
If you are selecting a new IoT device, make sure that device can be remotely updated. If you have older IoT devices, see if they have been updated recently and if they are even still receiving updates. If they can’t be updated, or are no longer receiving updates, it is time to disconnect them from your network. Find a new device that performs the same functions, and keep all of your devices updated.
Turn Off The Devices You Aren’t Using
Common sense? Yes. But it’s still a good step to enforce in your employees’ everyday behavior. And when you turn IoT devices off, also take a moment to deliberately disconnect them—many IoT devices continue to function while “off.”
Keep IoT Devices “Separate”
This means separate on the network (behind their own firewall and on a monitored network if possible) but also out of employees’ physical reach. Unless absolutely necessary, employees should not have access to IoT devices. They can easily change the password on these items and increase the risk of insider threats.
Encrypt and Monitor
Always, always encrypt your IoT devices when possible. If you can, only connect IoT devices that support encryption.
Further, your IT security team should be monitoring the network traffic stemming from and going to your IoT devices. This can help detect suspicious activity and DDoS attacks before they occur.
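As an added example (not part of the original article), the sketch below applies the separation, inventory and monitoring advice to one window of flow records from a dedicated IoT segment. The segment address, device inventory, fan-out threshold, record format and alert tags are all hypothetical, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Hypothetical values, not from the article: segment, inventory, thresholds.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
INVENTORY = {  # device IP -> destinations it is expected to talk to
    "10.20.0.11": {"203.0.113.10"},
    "10.20.0.12": {"203.0.113.10"},
}
FANOUT_LIMIT = 5           # distinct destinations per device in one window
TELNET_PORTS = {23, 2323}  # ports Mirai-style scanning is known to probe

# Constructed flow records, one per line: "epoch src dst dport bytes"
SAMPLE = (
    "1700000000 10.20.0.11 203.0.113.10 443 5120\n"
    "1700000005 10.20.0.12 203.0.113.10 443 4800\n"
    "1700000010 10.20.0.99 203.0.113.10 443 900\n"   # device not in inventory
    "1700000015 10.30.0.5 192.0.2.77 443 1200\n"     # not on the IoT segment
    "truncated line\n"
    + "".join(f"17000001{i:02d} 10.20.0.12 198.51.100.{i} 23 60\n"
              for i in range(1, 7))                   # one device starts scanning
)

def analyze(text):
    """Return {device_ip: sorted alert tags} for one window of flow records."""
    dests, alerts = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                       # skip malformed records
        _, src, dst, dport, _ = parts
        try:
            if ipaddress.ip_address(src) not in IOT_NET:
                continue                   # only the IoT segment is in scope
            port = int(dport)
        except ValueError:
            continue
        dests[src].add(dst)
        if src not in INVENTORY:
            alerts[src].add("not-in-inventory")
        elif dst not in INVENTORY[src]:
            alerts[src].add("unexpected-destination")
        if port in TELNET_PORTS:
            alerts[src].add("telnet-outbound")
    for src, seen in dests.items():
        if len(seen) > FANOUT_LIMIT:
            alerts[src].add("high-fanout")
    return {src: sorted(tags) for src, tags in alerts.items()}
```

Calling `analyze(SAMPLE)` flags the uninventoried device and the device that begins contacting many new hosts over Telnet, while the device that only talks to its expected destination produces no alert.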
These are all good places to start, but for optimal success make sure that IoT endpoint security best practices are incorporated into your business processes and employees’ behavior. Your security is dependent as much on your teams as it is on your solutions. Work with your solution, not against it.