https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Thinkstock

Security

Getting a grip on enterprise IoT security

Before buying IoT devices for a corporate or industrial environment, you should follow these steps.
  • Written by Anthony Giandomenico
  • 17th November 2017

The modern enterprise landscape is awash with IoT devices. From connected printers, smart TVs in the boardroom, smart lightbulbs and climate control systems and building security systems, the volume of connected devices in the workplace is steadily growing.

Unfortunately, that traffic from these devices often contains sensitive information that can be intercepted or can hide malware designed to compromise networks or deliver a devastating payload. We are also seeing a trend where vulnerable IoT devices, such as cameras and security systems, are being hijacked, injected with malware and used as cyber weapons and massive IoT botnets to attack other devices or knock businesses offline.

Diving into the world of enterprise IoT security can be eye-opening. Consider that most IoT devices were not designed with security in mind — many of them are headless (do not have a traditional operating system or even the memory or processing power required to include security or install a security client) while an alarming number have passwords hard-coded into their firmware. The result is that many IoT devices cannot be patched or updated.

And even when security software can be installed on the IoT device, the software is often cobbled together from commonly available code or is untested, meaning that most installed security tools can be circumvented by exploiting a wide range of known vulnerabilities. Other security vulnerabilities include: 

  • Weak authentication and authorization protocols.
  • Insecure software.
  • Firmware with hard-coded backdoors.
  • Poorly designed connectivity and communications.
  • Limited to no configurability. 

These issues are so widespread that it is estimated that 70 percent of the most commonly used IoT devices contain known security vulnerabilities. And when they are comprised, most IT organizations admit they are unlikely or highly unlikely to be able to detect the event before it impacts systems and data.

For those looking to purchase connected devices and attach them to the internet through their enterprise network, then, we recommend a multi-phase approach to security.

1. Learn (discover)

Before you buy a device that will connect to your network, it’s time to start asking some tough questions and hammering out your approach to enterprise IoT security.

Questions to ask include: Does this device really need to connect to my network? If so, what applications and devices will it be able to see and connect to? Do we have a way to isolate this device or manage its connection platform?

While most organizations are prepared to secure access through their wireless access points, consider how you will secure devices connecting through alternative methods:

  • Stationary IoT devices, such as HVAC, security systems, card readers or printers are usually located inside the network perimeter and are often hard-wired directly into a network port, bypassing most traditional perimeter controls.
  • Mobile IoT devices use a variety of methods and protocols to connect to the network, including popular methods like Bluetooth and a wide variety of RF protocols, including 6LoWPAN, ANT, DASH7, EnOcean, ISA100.11a, MiWi, NeuRFon, WirelessHART, WiSUN, LoRaWAN, Sigfox and Z-Wave.
  • IoT devices don’t just connect to the network. They can also create their own ad-hoc networks, allowing them to generate and deliver more robust data. It also means that an infection can spread quickly through an IoT network.

Next, research these devices with an eye towards enterprise IoT security. Are there known vulnerabilities? Many connected devices include vulnerable software or backdoors that make them potential targets. Can they be hardened, patched or updated? Can you add passwords? Can they be fixed or easily replaced if a vulnerability is detected? How will you know? Google is your friend here.

2. Segment

Networks need to be configured to identify and provide limited access to IoT devices connected to your network. Segmentation allows you to restrict and monitor IoT devices, the kinds of traffic they generate, the applications and resources they can access, the amount of time they can be connected online and the places on the internet they are allowed to go.

Other options include: 

  • Buying separate wireless access points so IoT devices run on a different network from your PCs and laptops.
  • Setting up a guest network for visitors or new IoT or BYOD devices. Look for access points that allow you to restrict access, set up separate firewall rules, inspect traffic and monitor guest behavior. 

3. Protect

Networks and devices are often compromised because users who buy and deploy these devices are simply unfamiliar with how to secure them. Here are a few tips for your enterprise network.

  • Keep an inventory of all the connected devices on your network, including their manufacturers. Most attacks are successful because devices are running outdated software or operating systems. Then set up a routine to check each of these devices and applications online for updates. IoT devices can be difficult to track for vulnerabilities. Browsers like Google allow you to set up automated searches to alert you when news or updates about a device are found.
  • Keep your antivirus and anti-malware software updated and run it regularly. Also, remember that no software is 100% effective, so set up a regular schedule, say once a month, where you use a second or third security solution to scan your device or network. 

As we consider purchasing IoT devices and connecting them to our networks, we need to remember that the conveniences they offer include risks. Cybercriminals are determined and informed of the latest trends and technologies, and they know how to exploit them. This is why we need to take the time to educate ourselves – and our employees – about the potential cyber hazards of the modern workplace.

Tags: Article Security Technologies

Related


  • IoT security
    Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
    IoT security pros can benefit from zero-trust security to authenticate rogue devices that try to connect to a network. Zero trust should be the hallmark of your IoT strategy.
  • 3d rendering of human brain on technology background
    AI Ups the Ante for IoT Cybersecurity
    Security providers in IT and OT have implemented AI, ML and other advanced technologies to make systems smarter than malicious attackers.
  • IoT security
    Protecting Your Network Against Ripple20 Vulnerabilities
    Early this year, Ripple20 wrought havoc on numerous IoT devices, given vulnerable third-party code. Here are ways to prevent your organization from the fallout.
  • IoT security
    IoT Security Trends, 2021: COVID-19 Casts Long Shadow
    While some IoT security trends in 2021 will continue trends from 2019 and 2020, COVID-19 has brought some new threats to the fore.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • LYNX MOSA.ic™ Avionic Platform (Advantage w/ Intel)
  • COVID-19 Driving Data Integration Projects in IoT
  • Intro to LynxSecure
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?

News

View all

Webex Collaboration Banks on Hybrid Workplace Model at Cisco Live 2021

2nd April 2021

Cisco Enlists Networking Automation, CX Cloud in COVID-19 Response

31st March 2021

White Papers

View all

Telehealth and COVID Infographic

30th March 2021

Medical Supply Chain Management with Smart Devices and Sensors

30th March 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

Embedded IoT World 2021

28th April 2021 - 29th April 2021

The Virtual Industrial AI Summit

29th June 2021 - 30th June 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

🥳Happy #IoTDay! How are you celebrating? We're giving $50 off All Access Passes to join our upcoming virtual event,… twitter.com/i/web/status/1…

9th April 2021
IoTWorldToday, IoTWorldSeries

🎉 Announcing #EIOTWORLD sponsor, @InnoPhaseinc — a fabless wireless semiconductor platform company specializing in… twitter.com/i/web/status/1…

8th April 2021
IoTWorldToday, IoTWorldSeries

Digital Health Infrastructure Benefits From Cloud-to-Edge Architecture dlvr.it/RxBwQ4 https://t.co/AILVdUVWDA

7th April 2021
IoTWorldToday, IoTWorldSeries

Meet the #EIOTWORLD keynote lineup: Google, Facebook, Linux Foundation, STMicroelectronics, Antmicro, OpenHW Group,… twitter.com/i/web/status/1…

6th April 2021
IoTWorldToday, IoTWorldSeries

Network Data Analytics Supports Back-to-Work Health and Safety dlvr.it/Rx5xlL https://t.co/VvxxpdUMJ3

6th April 2021
IoTWorldToday, IoTWorldSeries

IoT Cybersecurity Act Places Security Onus on Device Makers dlvr.it/Rx2jHK https://t.co/fyd3nQ1r1Z

5th April 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X