The enterprise internet of things (IoT) is rapidly growing, paving the way for innovative new approaches and services in all industries, such as healthcare and manufacturing. Consequently, this is also opening the door for new cybersecurity risks. Unit 42 recently analyzed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States.
The study found that 98% of all IoT traffic is unencrypted and 57% of IoT devices are vulnerable to medium- or high-severity attacks. This provides low-hanging fruit to attackers, and enterprises are at risk for having personal and confidential data exposed on the network.
While the surge in IoT devices on corporate networks continues to blossom, there are some steps organizations can take immediately to reduce exposure to IoT-initiated attacks. While these steps won't eliminate all risk, security teams can deploy them quickly, removing some of the easiest targets for attackers.
Step 1: Know your risk – discover IoT devices on the network
Unit 42’s latest report found that 30% of network-connected devices in an average enterprise are IoT assets, and this excludes smartphones. Unfortunately, most organizations are unaware of these devices and fail to manage their security posture or risk profile. Using intelligent device scanning and profiling, your IT security teams can gain insight into what IoT devices are connected to the network, their risk profiles and their network behavior when interacting with other devices on the network. Today’s advanced IoT security solutions also use machine learning to identify unknown IoT devices and detect malicious network communication patterns before significant damage is caused.
Step 2: Patch printers and other easily patchable devices
It’s important to ensure that all IoT devices are running on the latest software and kept up-to-date. An easy way to start decreasing your attack surface is to patch printers and other devices that are easily patchable. The 2020 Unit 42 IoT Threat Report showed that printers and security cameras are the most abundant and vulnerable devices across enterprise networks. Specific industries – for instance, healthcare – may have other devices that are abundant and need to be patched, such as imaging and patient monitoring systems. Once you’ve completed initial IoT discovery to find all the devices on your network, we recommend investing in the security posture of the most abundant network-connected devices in your enterprise. Work with their respective vendors on a patch-management strategy that creates routine maintenance moving forward and reduces overall risk.
Step 3: Segment IoT devices across VLANs
A practice becoming more common for organizations is network segmentation. While it can be tedious to set up, it yields strong security benefits across the entire enterprise, stopping lateral movement of exploits, reducing the attack surface and minimizing any aftermath damage. By leveraging VLAN configurations as well as firewall policies, organizations can effectively implement network segments. A best practice for segmenting an organization's network is to base it on device type, threat levels, usage patterns, and other device profile characteristics. Moreover, inter-segment access and north-south communication should be strictly guarded by the network boundary, switch ACLs, and firewall policies. This essentially creates a strong perimeter defense around network tiers or security zones that protect confined IoT and IT assets, based on their assigned security value or significance to the organization.
Step 4: Enable active monitoring
Once IoT devices on the network have been identified, patched and segmented, it’s important to continue monitoring in order to accurately discover attacks, identify vulnerabilities and analyze the behavior of all network-connected devices. This monitoring solution must also be able to scale and run continuously, providing updates in real-time. Typically, sophisticated IoT solutions run in highly scalable cloud architectures and rely heavily on machine learning to discern profile devices and alert security teams about anomalies. Continuing to monitor your network-connected IoT devices will enable you to adapt your security policies as necessary, reduce risk and maintain a strong security posture.
Facing the Challenges of Enterprise IoT
With so many network-connected devices in your organization, it can be a challenge for security teams to keep pace and mitigate risk as each new device type presents a possible new threat vector. Properly classifying IoT devices, keeping software up-to-date with the latest patches, segmenting your network and enabling active monitoring ensures IoT devices are granted access to appropriate resources and placed in the right network segments. This effectively lessens the risk of threats to other resources and networks and reduces your overall attack surface. After following these steps to reduce IoT risk, we suggest creating an effective IoT strategy that will prepare your organization for the long term.
For more information and IoT best practices your organization can deploy, read the full 2020 Unit 42 IoT Threat Report.
Intelligent Network Security: LinkedIn Live Broadcast
AJ Shipley, vice president of product, and Paul Calatayud, Americas CSO, appeared on LinkedIn Live to answer questions about the industry’s first ML-Powered NGFW. Watch the event on-demand.