Securing the Growing Attack Surface Introduced by IoTs
Spurred by digitization and substantial advances in artificial intelligence (AI) and machine learning (ML), the number of Internet of Things (IoT) devices is increasing at breakneck speeds. Every minute, 7,620 new IoT devices are added to the Internet, and by 2030, there will be more than 29 billion connected IoT devices.
While IoT devices enhance an organization’s efficiency and productivity through seamless connectivity, they also introduce a stream of unencrypted data flowing through networks. Without proper safeguards, organizations are all but putting up neon flashing ‘attack me’ signs for threat actors. Knowing how vulnerable IoT devices are, hackers accept those invitations at alarming rates, enter networks, and wreak havoc.
In January and February of this year, 54% of organizations faced an average of 60 IoT-related attacks per week – a staggering 41% increase from 2022 and more than triple the attacks in 2021.
When comparing the first two months of 2023 to 2022, organizations in the education sector experienced the most weekly IoT attacks (131), but no industry was unscathed. Weekly, government and military organizations averaged 70 attacks, manufacturing businesses suffered 49 attacks (+45%), and healthcare organizations 42 (+28%).
The Security Pitfalls of IoT Devices
The influx of IoT devices, many of which have numerous vulnerabilities, has dramatically expanded attack surfaces, creating unprecedented challenges for security professionals.
Manufacturers often prioritize time-to-market, functionality, and convenience over security, resulting in weaknesses being embedded in IoT device designs, such as hard-coded passwords, default user names, and poor default security settings. Complicating the matter further is that some IoT devices aren’t designed to receive security updates or patches, or manufacturers simply don’t supply them.
The interconnected nature of IoT devices is a double-edged sword. While they communicate seamlessly with each other and external services, facilitating an integrated digital experience, they also open up a potential domino effect. A compromise in one device could cascade through the network, exposing other interconnected components.
Some IoT devices use insecure communication protocols that do not encrypt data. Since they often collect and transmit sensitive data, ranging from personal health information to critical operational data at a manufacturing plant, safeguarding the information and complying with data privacy laws can become a real challenge.
EDR Solutions Aren’t the Answer, Monitoring Is
While Endpoint Detection and Response (EDR) and EDR-based XDR agents can effectively secure traditional endpoints, they aren’t suitable for securing IoT devices for several reasons.
- Limited Resources: Many IoT devices have limited processing power and memory. As a result, they may not be able to run resource-intensive EDR and XDR agents at all; if they can, the IoT devices’ performance is likely to be impacted.
- Additional Security Risks: EDR and XDR agents can introduce their own security risks. For example, if an attacker compromises an EDR or XDR agent, they could gain access to the device and all of the data stored on it and launch attacks against other devices on the network.
- Compatibility: Many IoT devices use proprietary operating systems and protocols, which means that EDR and XDR agents may not work properly on them.
- Cost: EDR and XDR agents can be expensive to purchase and maintain, especially for organizations with many IoT devices.
Without the ability to use an EDR solution, network monitoring becomes essential as it provides visibility into all traffic on the network, including traffic from IoT devices, and can be used to detect suspicious activity, unusual traffic patterns, or attempts to access unauthorized resources.
In addition, network monitoring can be used to create rules and alerts to help prevent attacks from spreading. For example, an organization could create a rule to block all traffic from IoT devices to known command and control servers. This would help prevent IoT devices from being infected with malware and used to launch other attacks on the network.
Best Practices for Securing IoT Devices
For many organizations, IoT devices are critical; securing them must be a priority. The first thing businesses need to do is ‘get their house in order.’ Follow this simple four-step plan:
- Create a Network Asset Inventory: Catalog all IoT devices in your network; knowing what you have is the first step in securing your environment.
- Run a Network Scan: Perform regular network scans to identify which systems and devices are connected to your network and if any are unauthorized.
- Network Segmentation: Use your routers and switches to segment your network. Isolating critical assets from IoT devices can help contain potential threats.
- Block Unnecessary Ports: Identify the network ports required by IoT devices and block traffic on all other ports using firewall rules to minimize the attack surface.
Like with all security-related tasks, a one-and-done approach isn’t sufficient. Organizations should take inventory and run a network scan at least quarterly, ideally monthly.
In addition to the process listed above, organizations should apply these best practices to secure IoT devices and strengthen their overall security posture:
- Regular Updates: Ensure IoT devices receive regular firmware and software updates to patch known vulnerabilities.
- Strong Passwords and Authentication: Change default passwords and implement strong authentication mechanisms to protect against unauthorized access.
- Network Encryption: Encrypt data transmitted between IoT devices and central systems to protect against eavesdropping.
- Security Standards: Choose IoT devices that adhere to recognized security standards and protocols.
- Access Control: Implement strict access control measures to limit who can communicate with IoT devices and manage them.
- Continuous Monitoring: Establish a Security Operations Center (SOC) to monitor IoT devices 24/7 for any signs of suspicious activity.
Since IoT devices are continuously active, they must be monitored 24/7 for real-time threat detection and response. Organizations should establish their own Security Operations Center (SOC) or partner with a reputable SOC provider equipped with advanced threat detection tools that can contextualize and prioritize alerts to mitigate any security incidents, reducing potential damage.
Securing the Future
The Internet of Things is here to stay, and its impact is growing in homes, offices, and every place with an Internet connection. As IoT devices become an integral part of our work and play lives, it’s crucial to acknowledge they also represent an expanded attack surface for cybercriminals. The onus is on businesses to act and ensure these devices don’t become an easy access point for bad actors. By understanding the unique security challenges they present and implementing best practices, organizations can navigate this new frontier of cybersecurity and protect our digital ecosystems from the ever-evolving threat landscape. In the age of IoT, awareness and proactive security measures are our greatest allies.