The First Steps in Effective IoT Device Security
Offices, cities, and even homes — the spaces we work and live in — are growing smarter and smarter. A new study from Gartner estimates that 5.8 billion enterprise and automotive internet of things (IoT) endpoints will be in use by 2020. Undoubtedly, daily operations and production have become easier and safer, thanks to these devices. But what are the risks involved in embracing this new technology? As we adopt more of these devices, attach them to critical infrastructures, integrate them into important operational tasks, and even store sensitive data in them, we also have to wrestle with the problem of securing them.
IoT Hacks and Vulnerabilities in 2019
Securing IoT devices is more difficult than securing a laptop or even a mobile phone, as many of these devices are not designed with security in mind. However, with increased cybersecurity threats operating in the landscape today, device manufacturers are hard pressed to equip and secure their products against any, and hopefully all, known and emerging attacks. In terms of broad industrial usage, many devices in these environments suffer from outdated systems, unpatched vulnerabilities and unsecured data. While in typical enterprise settings, the increasingly connected nature of widespread operational networks (including devices, communication channels and applications) presents a rich attack surface for hackers.
We can see how prevalent IoT threats are becoming. Just this year there were several critical security incidents across different industries affecting millions of devices.
Five IoT Security Steps
Generally, IoT devices are very different from each other, and securing them also depends on the type and model of the device. Inside an office building, a smart bulb will be from a different manufacturer than the smart printer; and the overall controlling system that runs through the whole office will have its own unique operating system. To effectively secure all these disparate IoT devices, an overarching multilayered security plan and constant maintenance is necessary.
There are five initial security steps organizations can take when setting up IoT devices:
- Change default passwords and adjust security settings to fit your specific needs.
- Turn off or disable any features that you don’t need.
- For devices capable of using third-party applications, only use legitimate applications from valid vendors.
- Update the device firmware and applications so that the device will be protected against known security vulnerabilities.
- In terms of setting up applications on devices, review the permissions they require and limit the access given to these apps.
Five Steps for Securing Networks and Routers
In an IoT-enabled environment, network devices and routers are also a cause for concern. One compromised IoT device can potentially be used to spread malware to other devices connected to the same network. For example, a smart printer can be used to infect office computers and other smart devices on the same network. Similarly, if a router is compromised, it can spread malware to all the devices connected to it.
The following measures are helpful in securing networks and routers:
- Map and monitor all connected devices.
Settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
- Apply network segmentation.
Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.
- Make sure network architecture is secure.
Users should set up routers with VLAN or a DMZ—segmentation and isolation mechanics that add an extra layer of security to networks.
- Follow router-specific best practices.
Enabling the router firewall, disabling WPS and enabling the WPA2 security protocol, and using a strong password for Wi-Fi access are just some of these practices.
- Disable unneeded services like Universal Plug and Play (UPnP).
Poorly configured routers which had UPnP enabled were recently attacked, highlighting the need to disable or turn off unneeded features and services to prevent security mishaps.
These are just the basic steps to take in security IoT devices. For a more complete and multi-layered defense, users can employ comprehensive protections such as the Trend Micro™ Security and Trend Micro™ Internet Security solutions, which offer effective safeguards against threats to IoT devices through features that can detect malware at the endpoint level. Connected devices can also be protected by security software such as the Trend Micro™ Home Network Security and Trend Micro Smart Home Network™ (SHN) solutions, which can check internet traffic between the router and all connected devices. The Trend Micro™ Deep Discovery™ Inspector network appliance can monitor all ports and network protocols for advanced threats and protect enterprises from targeted attacks.
Also, for more thorough security advice and to become familiar with unique threats that can affect IoT and industrial internet of things (IIoT) devices across industries and in smart factories, see the resources below.
- Security in the Era of Industry 4.0: Dealing With Threats to Smart Manufacturing Environments
- Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations
- Critical Infrastructures Exposed and at Risk: Energy and Water Industries
- Securing the Transportation Network of Tomorrow
- Cultivating Security in the Food Production Industry: Nipping IoT Risks and Threats in the Bud
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases