No IoT device is off the table for hackers, especially when considering the massive set of DDoS attacks that utilised compromised surveillance IP cameras to generate a huge amount of traffic that crippled many websites. And the recent WikiLeaks news that smart TV’s could be spying on people.
The leaked documents from WikiLeaks reveal that the CIA developed an exploit that exploits some unknown “zero-day” vulnerability to breach and take control of TVs. This malware puts the TV on a “dissipation mode” which misleads the owner to believe the device is turned off, when in fact the TV is still on and recording conversations.
Is it possible to protect a business from being yet another victim of an IoT-based breach? If so, what can be done?
In order to keep a network secure and compliant, organisations should follow best practices for IoT security. This includes; rapidly adopting software systems to help implement threat prevention and security management of IoT devices.
These best practices include 4 major areas.
Lock-down
Implement a device lock-down, hardening policy, or procedure. Vendors of IoT devices don’t always provide the best security configuration and correct security posture.
Instead, adopt systems and processes that automatically reconfigure the IoT system and constantly institute a lock-down policy with respect to best practices, known vulnerabilities and threat intelligences.
Minimal complexity of passwords, open ports, running unused services and always-on peripheral devices such as microphones are all part of a wide attack surface that must be reduced by fully-automated hardening of IoT devices.
Automated hardening solutions provide the ability to restrict device features and services, allowed control of incoming and outgoing traffic, and even force patch updates for device software.
Micro-visibility and risk monitoring
Adopt systems that provide pervasive inside monitoring on all aspects of IoT devices on your network, from running processes to firmware changes and more.
These systems discover and deeply understand the nature of any IoT device on corporate networks, and consciously monitor and present all possible risk factors introduced by a device.
Such a security system must collect and analyse hundreds of different parameters from IoT devices. The system then can analyse and correlate collected data against known vulnerabilities and threats, and detect behavioural anomalies or post-breach activities on the device.
Untrusted by default
Do not allow unauthorised devices to plug into your network. Implement secure access and governance flow of how to on-board new devices.
Each device that is connected to your network, whether wired or wirelessly, must be authenticated, authorised, and assessed. Determine each device’s risk level prior to entering the corporate environment.
Discover the invisible
Adopt network-wide actionable visibility on all devices connected to the corporate network and constantly discover new and unknown IoT devices.
Act on each device that has been discovered by such network visibility systems to ensure the device is known, authorised and properly configured.
Protecting against IoT attacks begins with visibility, followed by detection and then reaction. Use these best practices listed above to ensure your network is secure, and then nobody will be able to record your meeting discussions without consent via that TV in the boardroom.
Sourced by Juda Thitron, VP of R&D at Portnox
