And here we are again to the Internet of Things….
We’ve written numerous times before about the Internet of Things (IoT) in a cybersecurity context. For the uninitiated, the IoT refers to any item, product, or gadget capable of connecting to a network or to the internet at large. These can be items as vital to your everyday business processes as conference room speakers, web cameras, digital assistants or mundane devices like smart refrigerators in your break rooms.
Every new IoT device connecting to your enterprise becomes a new part of your digital perimeter, the first point of entry for hackers looking to steal your data or destroy your IT environment.
Yet the IoT is a notoriously porous part of any enterprise’s perimeter…a part often neglected by legacy endpoint security solutions.
Why the IoT is Continually Unsecured
The bulk of the problem lies with manufacturers.
Even as IoT devices become mass produced and more widely available, few manufacturers are investing the time or resources to implement endpoint security into their products. Therefore, many items come to the market and are purchased before anyone realizes the security issues they carry.
These are not idle issues. Experts have proven hackers could use something as simple as a smart kettle to gain access to enterprise Wi-Fi keys. In theory, they could hold entire heating systems hostage via ransomware. In practice, hackers have already used internet-connected fish tanks to steal millions from a casino. The IoT was an essential part of the Mirai botnet attack, one of the most devastating cyber attacks in history.
Furthermore, even when the manufacturers do implement firmware security into their devices, these are often weak and or creates security integration issues with legacy endpoint security solutions.
But enterprises themselves are just as complicit in this problem.
There is No Such Thing as Set-It-And-Forget-It
This is true of every component, category, and capability of cybersecurity: nothing works optimally (or in some cases, at all) if you do not participate with it and actively engage with it.
This proves doubly true for the IoT. Just plugging an IoT capable device into your network and walking away is the rough equivalent of installing a new entryway into your home…and never installing a door.
These devices left on their own will not have access to the essential firmware and software updates necessary to their defenses. Additionally, ignoring IoT devices creates visibility issues, as they become blindspots in your security perimeter. Hackers could easily establish a foothold into your network without your security team even realizing it.
This is a problem. What can you do to prevent this from happening?
You Need a Next-Gen Endpoint Security Solution
Legacy endpoint security solutions, given their age, are simply not equipped to handle the IoT in the same way they are not equipped to handle modern threats like fileless malware. Only a truly next-gen endpoint security solution will have the capabilities and the threat intelligence to bestow visibility into IoT devices and secure them from external threats. They can create alerts for your IoT devices and implement machine learning to prevent your security team from becoming overworked.
We continue to write about the IoT because it continues to be an endpoint security issue for so many enterprises. This is your opportunity for introspection. Is this a problem for you?
And if it is, what do you intend to do about it?
Latest posts by Ben Canner (see all)
- 4 Key Lessons for Enterprise Mobile Device Security - September 11, 2019
- 3 Ways to Refine Your Enterprise Endpoint Security Strategy - September 10, 2019
- Palo Alto Networks Acquires Zingbox for IoT Security - September 6, 2019