https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

IoT security

IoT Device Security: Risk Assessment, Hygiene Are Key

As devices and data proliferate at the edge of the network, IT pros have encountered new challenges in securing enterprise IT systems.
  • Written by Lauren Horwitz
  • 11th January 2021

Key takeaways from this article include the following:

  • As devices and data proliferate at the edge, so do cybersecurity incidents. According to one survey, 72% of organizations experienced an increase in IoT device security incidents in 2020.
  • The consumerization of health care, among other emerging connected-device trends, has created new vulnerabilities at the edge of the network.
  • Preventing security breaches at the edge requires some sound best practices, including doing a complete inventory of all devices in an organization’s estate, as well as developing risk profiles for each device.
  • Organizations need to craft policies for IoT devices and consider network segmentation, among other best practices to ensure better security for IoT devices at the edge.

IoT devices at the edge of the network continue to proliferate, IT pros could be forgiven for comparing their efforts to a game of whack-a-mole.

As one device emerges with known vulnerabilities, there may be several more lurking, unbeknownst to IT, that are vulnerable to attack. According to F-Secure, cyberattacks on IoT devices increased 300% in 2019.

By 2022, there will be some 25 billion devices at the edge – all of which will vie for attention on the global network, according to the Telecommunications Industry Association. More than two-thirds – or some 18 billion – will be IoT devices. Survey data also suggests that enterprises will spend an average of 30% of IT budgets on edge cloud computing over the next three years, according to “Strategies for Success at the Edge, 2019,” a report by Analysys Mason.

In conjunction, these data points suggest that enterprises will move key compute resources to the edge to enable processes such as video surveillance, performance monitoring of industrial equipment and real-time data analytics.

According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT device security incidents in the past year, while 56% anticipate their organization will likely be compromised due to an endpoint- or IoT-originated attack with the next 12 months.

Preventing Cybersecurity Attacks on IoT at the Edge

The keys to contending with these encroachments on enterprise security, say experts, are greater knowledge about an enterprise’s IoT profile and key security hygiene steps that many enterprises neglect.

“The biggest issue is trying to work out what is in your estate and how it gets there,” said Alex Leadbeater, head of global obligations and futures, BT Security at ETSI, in the panel discussion “Mitigating and Managing Risk with IoT – Securing your Device and Managing Infrastructure” at the IoT Security Summit in early December.

Leadbeater said shadow IT – whereby a business unit introduces an unsecured (and unknown to IT) connected device because it satisfies an unmet need – isn’t malicious but contributes greatly to enterprise cybersecurity vulnerabilities.

“IoT slowly creeps in,” said Leadbeater. “Call it ‘the march of IoT’ into segments that originally didn’t have it: hospitals, critical national infrastructure. They simply don’t have policies for [these IoT devices] because they didn’t realize that they were there until they realize they have a security vulnerability,” he said.

Health care organizations have experienced this shadow IT problem in high relief, said panel participant Seth Fogie, director of information security at Penn Medicine, as demand has increased in the wake of COVID-19 for remote care and digitized services.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

To learn more about IoT device security at the edge, register for our Edge Digital Symposium, March 17.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

“There has been a really big push to take the medical device out to the patient,” Fogie said. This “consumerization” of patient care with connected devices augments IoT device vulnerabilities, providing entryways to attack other parts of the enterprise. “Special-interest groups will want to learn more about their specific niche and want to put an IoT piece on the network to run a quick pilot,” and those demos can threaten network safety. “It’s a real challenge we deal with on an ongoing basis,” he said.

Fogie noted that Penn Medicine had installed a temperature monitoring system to gauge the temperature of refrigerators for drugs and food. “If something went wrong there – drugs and food can go bad – it can impact patient care,” Fogie recalled. “But it was pulled off the internet, with default passwords that came right off the internet,” he said. That kind of password exposure is a simple fix for IT pros, but also a surprisingly common mistake, Leadbeater said.

Further, Fogie noted, the temperature monitoring device was vulnerable enough to become a launching point, where malicious attackers could hop from that system to the back end. “The answer is to segment things off,” Fogie said, whereby IoT device networks are cordoned off from other key IT data networks.

Lack of Visibility Into IoT Devices on the Network

Within the health care industry, the move toward digital health care and remote monitoring of patients – with patients and practitioners using pacemakers, glucose monitors and other devices – has exacerbated the shadow IT problem.

Fogie emphasized that with trends like digital medicine having exploded in 2020, the attack surface has increased and created new attack points for malicious actors

But IoT device security requires taking a solid inventory of these shadow IT devices so malicious actors don’t access them first.

Steps to IoT Device Security at the Edge

There are three key steps in addressing vulnerabilities in an IoT estate, said Russell Schafer, head of product marketing, security platforms, at Check Point Software, during the panel discussion.

  1. Discovery. During this stage, IT pros should take a comprehensive inventory of the components of their IT environments. They should assign a risk profile to each device, noting operating system, patches and known vulnerability attacks.
  2. Policy and segmentation. Malicious actors exploit holes in organizational security by jumping from device to device. Given the risk profile, IT should automate security policies that dictate communications that the organization allows and those it blocks. For example, an MRI machine might be allowed to send an image to a particular database but not communicate with other devices.
  3. Monitoring and threat prevention. IT should use software to look at connections between devices and the network to detect anomalies in traffic and behavior.

No Quick Fixes for IoT-at-the-Edge Vulnerabilities

While the panelists indicated there are no speedy remedies to the problem of malicious attackers infiltrating IoT devices at the edge, they noted a few tactics that could help. One is the notion of building in security by design. While many industrial devices as well as consumer devices were not built for constant updates and patching, the panelists noted that more development efforts now incorporate security upfront – and before building devices.

Yet another, Fogie said, is the prospect of enlisting vendors’ “bug bounties.” Google and Microsoft, for example, actively enlist researchers to test systems and identify vulnerabilities before malicious forces do.

“If I knew a device went through that level of exploration, I would be more likely to [use it],” Fogie said. Ultimately, though, experts said that IoT device security is devoid of quick fixes.

“There [is] no ‘We’re going to fix this in two days’ kind of a fix,” Leadbeater said.

Sidebar: Common Vulnerabilities for IoT Devices

For IT pros trying to assess their IoT landscape and their risk profile, experts cite a few kew sources of vulnerability that you should assess and remediate up front to reduce IoT device security risk.

  1. Windows 95. This operating system has reached its end of life, so it is a target for malicious actors.
  2. Zigbee protocol. This is a known vulnerability, and many lighting systems use Zigbee building management systems.
  3. Phishing attacks. Phishing attacks via email can be a launch point from which to infiltrate IoT devices. According to Schafer, one manufacturer in Asia had to shut down its plant for two days following a phishing attack.

 

 

Tags: Edge computing Security Technologies

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested
  • Image shows a Close up of lens on black background
    Carnegie Mellon Researchers Invent System to Find Hidden Cameras

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image shows Unilever's Alberto Prado at AI Summit 2022 in London

AI Summit 2022: Unilever’s Alberto Prado

Prado talks about how Unilever is using AI to accelerate the speed of new discoveries and gives them access to more breakthrough innovation

Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

IoT Product Roundup: Nokia, Energous, Dashbot and more dlvr.it/STRKDh https://t.co/YgTAI5SXSB

6th July 2022
IoTWorldToday, IoTWorldSeries

A new #IoT bug monitoring system from @CENSIS121 is helping the UK’s #forestry industry fight pests, and save money… twitter.com/i/web/status/1…

6th July 2022
IoTWorldToday, IoTWorldSeries

NHTSA Boss Hints at Federally Regulating Autonomous Vehicles dlvr.it/STQrrw https://t.co/Yjp1UKuaE5

6th July 2022
IoTWorldToday, IoTWorldSeries

Nvidia Powered Driverless Three-Wheelers Set to Debut dlvr.it/STQq0H https://t.co/RrYyVPgFzB

6th July 2022
IoTWorldToday, IoTWorldSeries

New Drone System Aims for Full Autonomy dlvr.it/STQnvV https://t.co/S4O8hb6gQh

6th July 2022
IoTWorldToday, IoTWorldSeries

Bosch, VW Approved to Develop Automated Driving dlvr.it/STQllD https://t.co/neI30dVmC6

6th July 2022
IoTWorldToday, IoTWorldSeries

🤔 Looking for 3 Strategies to Avoid IoT Key Theft? We’ve got you covered! As tech companies continue to develop an… twitter.com/i/web/status/1…

5th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: Unilever’s Alberto Prado dlvr.it/STMpRN https://t.co/1dyLREr8N6

5th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X