The Internet of Things (IoT) continues to transform the way enterprises conduct their business practices. Therefore, you must prioritize IoT security in 2019 if you truly want to enact stronger endpoint security in your organization.
IoT Devices Continue to Proliferate
According to endpoint protection platform providers such as Cisco, the number of IoT devices will surpass 50 billion by 2020. Enterprises, in turn, will invest hundreds of millions of dollars into IoT tools during this time to improve their business efficiency.
As is so often the case, hackers and external threat actors see the adoption of new technologies as a golden opportunity for malice. According to Symantec, in 2017 alone IoT device attacks rose 600%.
That statistic alone should encourage you to make IoT security in 2019 a top Endpoint Security priority. If you still need persuading, let’s dive deeper into the issue:
Continued IoT Security Neglect Poses Significant Risk
Enterprises may have trouble believing how much neglect continues to define IoT security in 2019. Sadly, despite the numerous warnings and outright attacks on/via IoT devices, manufacturers still consider security a non-issue (according to their practices, at least).
IoT devices rarely, if ever, have any cybersecurity or endpoint security whatsoever installed before shipping. In some cases, the devices still contain manufacturers’ administrative login credentials, making them an ideal infection point for external hackers.
Moreover, even if the devices do possess some rudimentary cybersecurity, these programs often reveal themselves as difficult to update or patch. Sometimes the manufacturers neglect to patch their IoT security at all. Other times they fail to announce the patch or direct IT teams to the steps for patching the devices adequately.
Unfortunately, this results in enterprise customers having to take responsibility for their IoT security in 2019 through their endpoint security solution.
Where Are Your IoT Devices?
Endpoint security and IoT security in 2019 both work to increase enterprise network visibility; after all, you cannot protect what you cannot see or what you don’t know exists. Hackers favor the shadowy areas of your digital infrastructure. Ideally, therefore, your cybersecurity should work as a searchlight (if you’ll forgive the metaphor).
However, visibility remains a crucial issue with IoT devices. Due to the manner in which they connect to Wi-Fi and the network, many devices do not automatically reveal themselves to security teams or legacy endpoint security or the network itself. This makes them the equivalent of a darkened alley, where cybercriminals can work their malicious actions without fear of detection.
IoT, Cryptocurrency Mining, and Disruption Attacks
We’ve already seen some of the worst the effects of IoT attacks—most famously the Mirai Botnet which shut down large swathes of the U.S. electric infrastructure. However, this only constitutes one possible attack via the IoT. Others include:
- General Disruption Attacks. An IoT attack can disrupt business processes, device performance, or customer interactions.
- Ransomware. Hackers can hold IoT devices for ransom through malware, potentially shutting down your own manufacturing processes or preventing critical interactions until they receive payment.
- Cryptocurrency Mining Malware (Cryptojacking). Hackers can dwell on IoT devices, using their processing power and electricity to surreptitiously mine cryptocurrency and ruining the device’s performance.
- Man-in-the-Middle Attacks. Hackers could use the IoT devices as a stepping stone for a lateral movement attack allowing them to reach their actual target. This can also apply to cloud infrastructures.
- Espionage. IoT devices by their nature are “always on,” and thus can overhear conversations or collect confidential information. A hacker dwelling on a device can hear a company secret come right from your own mouth if you aren’t careful.
How to Improve Your IoT Security in 2019
First, make sure you have a next-generation endpoint protection platform which can adequately and completely protect IoT devices across your network. Ideally, your EPP solution should increase your network visibility and enable you to find any rogue IoT devices.
Secondly, have a clear and accurate idea of the IoT devices connecting to the network. Be aware of their intended purpose, their physical location in your enterprise, and their digital location. Have your IT security team maintain a list of IoT devices and their patch schedules if any.
Third, use best practices with IoT devices. Always turn off or disconnect IoT devices when they aren’t in use, if possible. If not possible, keep them away from physical locations where private conversations occur. Try to purchase only IoT devices with a proven security record or with strong update support.
Finally, train your employees in cybersecurity best practices and security awareness. You can’t watch your employees 24/7; they have to adopt some of the endpoint security strategies necessary to fortifying your perimeter.
IoT security in 2019 depends entirely on you and your endpoint security. If you want to participate in this business revolution, you need to take the steps to protect yourself.
Latest posts by Ben Canner (see all)
- Endpoint Protection Capabilities You Need for the Cloud - April 18, 2019
- Endpoint Monitoring, EDR, and Endpoint Security: What Do You Need? - April 17, 2019
- Opinion: Can Your Cybersecurity Be a Competitive Advantage? - April 12, 2019