IoT technology has emerged as one of the biggest game-changers in the global IT landscape. Its contribution is not merely limited to the IT sector, but it further expands from manufacturing to logistics operations, from smart wearables to sensors for endless use cases.
Today, the technology has become the breeding ground for ultra modern phenomena including Industry 4.0, smart homes, and smart cities. Interestingly, now there are more IoT devices on this planet than the people. According to Gartner IoT devices are clocking a gigantic figure of 8.4 billion, which will soon be more than double to become 20.4 billion by 2020.
But, a technology such as this, which is being deployed for across-the-board operations can also be a cause for some concern. Since the state-of-the-art technology is still maturing, it has an array of vulnerabilities that need to be addressed. More than 70,000 CVEs (Common Vulnerabilities and Exposures) have been discovered in IoT devices since 2006 and still, multiple vulnerabilities are out in the open waiting to be exposed.
Such vulnerabilities in IoT devices can be used by a cyber-attacker to breach any network and thereby, penetrate along other levels of the network. Last year’s DDoS attack which rendered multiple leading businesses ineffective including Twitter, PayPal, Netflix, PlayStation and Spotify is one such example.
How to fix security around IoT devices?
Centralized Vulnerability Assessment
Organisations often assess their IoT vulnerabilities individually which leads to a fragmented approach. For example, application security assessment is treated as a different security program from network scanning and secure connection reviews. This kind of approached results in a fragmented security framework, make it easier for a cyber-attacker to exploit loopholes in or between the networks. New vulnerability management programs make identification and correlation of all vulnerabilities across the entire IT stack possible by centralizing all vulnerability assessments.
Low-value asset protection
Protecting low-value assets is as important in the current IT paradigm as critical infrastructure. Targeted attackers seek any vulnerability within the IT infrastructure and use it to penetrate deeper into the network till they reach their end-goal. The DDoS attack previously mentioned was made possible largely due to IoT vulnerability in security cameras which was exploited by the cyber attackers. This makes it important for organizations to treat all their assets equally when network security is brought into perspective.
Every network compromise irrespective of its size and extent leaves a trail of significant information which can be used to identify and eliminate vulnerabilities. An organization must have a detailed review of their security breaches and even attempts to breach security. This can provide substantial data to limit and fix the exposures in the network.
Proactive Vulnerability Management
IT infrastructure including network and systems in organizations are evolving at a rapid rate, meanwhile, cyber-attacks have also become sophisticated. However, vulnerability testing schedules are still erratic. Vulnerability management should be made a proactive and continuous operation, as done in the case of threat management by SOC (Security Operations Centre). Doing so it constantly scans tools at network, configurations, applications, and various code levels for identification and elimination of security gaps.
Remediation of vulnerabilities as per industry estimates takes about 176 days on an average from impact analysis to actual patching activity or secure configuration of the system and reversing of patches. Six months of time is sufficient for a cyber attacker to leverage the security loophole and compromise the network. Many vulnerabilities can be eliminated by using the right rules in blocking devices, making them work as virtual patches for assets with immediate deployment. IDPS (Intrusion Detection and Prevention System), WAF (Web Application Firewall), and automated system administration tools can become pivotal in this case.
It has become virtually impossible for businesses to ignore the highly favorable technology that’s catering to the fascination of the dynamically evolving market.
This article has been authored by:
President, and COO