The recent headline grabbing DDoS attacks on IoT devices that occurred at OVH, Krebs on Security, and DYN, were performed and spread by taking control of IoT devices found today in most homes and offices. These attacks reveal the true danger in our IoT devices - attacking them is child's play. Surprisingly, most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.
Gartner estimates that the IoT market will grow to 20.8 billion connected devices by 2020 and IDC estimates that by 2020 there’ll be nearly 30 billion connected devices. More than half of major business processes will incorporate IoT. As with all ‘good things’, this growth brings with it dangers from IoT that will go far beyond DDoS attacks. Unfortunately, this is not FUD; it is the equivalent of leaving the office doors unlocked and expecting nothing to get taken.
IoT devices are the weakest link in corporate cybersecurity
IoT devices are the perfect candidate for criminal takeover. The devices are everywhere, always online and are largely unprotected. Hackers transform the devices into “command & control base stations”, where devices receive commands from their operator, usually to perform network information reconnaissance in order to find the information to steal, take down the system or extract valuable intelligence. Because they are always connected, there is no human to detect that the device is slow or sluggish, and they are generally not protected by security measures - such as anti-malware software. Many device users are unaware of the danger and don’t take the time to change the default passwords (they are not always aware that multiple admin accounts might exist), or to upgrade the latest version of the operating system software, all of which could stall or even stop a malware attack. Bringing these unprotected devices to the office makes the sloppy practice (or lack thereof) a problem for organizations large and small.
A layered approach for corporate IoT security
It is impractical to reach each IoT device vendor once (yet another) zero day vulnerability attack occurs. Organizations typically have dozens of vendors and most IoT devices are NOT centrally managed. This leaves the security team with only one option – a software solution that will find those devices ahead of time and move them to a dedicated segment away from the organization’s most mission critical systems.
A layered approach that includes the following levels is most effective:
- Assessment – A network discovery process of all of the existing IoT devices including managed and partially managed devices. Then, understanding what each type of device is, what operating system it is running on, and which application and processes are installed on it.
- Segmentation – IoT device should not be in the same network segment as other devices or within reach of the organization’s mission critical systems and data. Firewalls must be deployed between these segments to prevent IoT devices from reaching the “crown jewel” section of your network. By performing proper segmentation, you enhance the ROI on your existing detection technology by making it much more accurate and effective.
- Detection – The ability to immediately detect every IoT device which joins the network and carefully verify whether it behaves similarly to other typical devices. A compromised device or a fake device might look the same but will behave differently.
- Response – Once a breach is discovered, it is poor practice for an alert to be sent and then processed manually. Manual actions take time -- hours or even days (a weekend breach for example). Not to mention the costs associated with manual responses. An automated breach response is required to block a specific device or limit its access within seconds. Network Access Control (NAC) tools are one way to achieve this.
It’s far from all doom and gloom but organizations will suffer if appropriate cybersecurity measures are not a priority.
This blog was written by Portnox. Portnox helps organizations to see, control, react and manage the risks their networks face for any user, any device, anywhere. Using Next Generation Network Access Control (NAC), Portnox secures connected organizations with ease.
How does Portnox do this? By discovering 100% of an enterprise’s connected endpoints and profiling them, Portnox can point out which devices are IoT devices. Next, Portnox can also force these devices to a defined segment of the business network. This creates network hygiene and ensures that the rest of the network remains out of reach of the IoT devices. Sensitive information and systems that are vital to the organization are maintained segregated and secure.