Retaining IoT endpoint devices is still an uphill battle for many IT departments, and cybercriminals know it. How can you protect your lead?
For the past five years, experts have been touting the benefits of zero-trust networking, observability, and other IT that can secure the enterprise and its edge.
SEE: Don’t hold back your enthusiasm: Trends and challenges in edge computing (TechRepublic)
If more internet of things technology is deployed, buttoning up security at the device level remains a major challenge. Here are six security challenges for IoT devices and what you can do to address them.
Top 6 security vulnerabilities with IoT devices and their solutions
1. IoT device makers don’t prioritize security
IoT is vulnerable to security attacks because many IoT device manufacturers do not install adequate security on their devices. Many of these devices are developed by start-up companies focused on getting their offerings to market quickly, even while skipping security and governance.
This rush to get to market coincides with the fact that the IoT device space has also been largely a commodity-driven market. In this environment, it is tempting for corporate procurement and IT departments to choose the lowest cost solutions where security is an afterthought.
Resolution: RFPs provided to IoT vendors must include a specific security section. What types of security come with these devices? How often is the security updated? Is security easy to configure? Are devices tested and/or certified for industrial security?
2. IT forgets device security checks
IT is under constant pressure to get projects up and running quickly. In the IoT world, projects can be as simple as installing temperature sensors in buildings or as complex as equipping and installing an entire production line with IoT.
As these installations progress, IoT devices are tested for functionality and integration, but there is a tendency to overlook the security standards on each device. Since IoT device manufacturers typically set very low security levels on their devices, a mistake by the IT department to monitor and adjust device security can inadvertently create easy targets for cybercriminals to penetrate.
Solution: IT should develop a formal IoT setup procedure, including checking the security settings on inbound IoT devices and then calibrating the device security settings according to company standards before putting IoT devices into production.
3. Lack of IoT visibility
According to Armis, 67% of companies in North America have experienced an IoT security incident, but only 16% of enterprise security managers say they have sufficient visibility into their IoT devices.
Of malware and ransomware attacks This lack of visibility is increasing and can be a result of IoT devices being installed by end users and others without IT’s knowledge, or it can be a result of installed devices being moved from place to place.
Solution: Asset tracking and management software must be installed on the network. This software tracks all IoT endpoints. Asset tracking software can also discover when an endpoint device is added or removed from the network and then alert IT.
4. Device software updates are not made in a timely manner
Security updates are ongoing for almost every type of IoT device an organization uses, so keeping track of the security of a wide variety of smartphones, cameras, sensors, and routers can be daunting. You don’t want to miss any updates because most updates are patches for security vulnerabilities that IoT vendors have found.
Solution: IT can automate the device software update process with commercial software that performs this task. Security updates – and any adverse impact they may have – should be immediately reviewed and scheduled by IT before automated updates are triggered, as software updates can inadvertently introduce new software bugs that can affect network and device performance.
In this way, IT can be prepared for any fixes or interventions required for the new update, or it can decide to wait for the update software to be corrected. In all cases, the goal is to ensure that security updates on edge devices are installed quickly, securely, and without disruption.
5. End of IoT devices are misused or lost
With more employees working from home or on-site, employees may have a tendency to be careless with their devices. Millions of smartphones are lost every year, said rocket wise. When smartphones are lost or misplaced, malicious parties can acquire these devices to steal data and intellectual property.
Solution: Encrypt all data stored on a smartphone or other IoT device with storage capacity. Turn these devices into “thin clients” that process data, but only store the data in the corporate cloud.
6. Physical premises are left unsecured
As more IoT moves to the edge of enterprises, it is up to end users to ensure that this IoT is physically protected and secured.
There is a risk in factories that robots and other automated IoT are not left outside when not in use so that everyone can physically access them.
Solution: Enclosed cages should be built to store physical IoT equipment in edge environments when the equipment is not in use. Only authorized personnel should be given access codes to these physical cages.
This physical asset protection is very similar to what you would use in the corporate data center. IT needs to ensure that this level of physical lockdown security is in place because of IT’s experience with data center and sensitive asset protection.
Learn more about this topic with a look at how IoT and edge computing can work together and how IoT automates warehouse operations.
