Illustrasjon: iStock

Sikre bedriften mot tingenes internett

IDG NEWS: Hvert produkt eller enhet som kobles til internett er en sikkerhetsrisiko. Sjekk hvilke sikkerhetstiltak som må til når bedriften tar i bruk tingenes internett.

Vil du fortsette å lese, velg et av alternativene nedenfor

  • Logg inn!

    Du har abonnement og er registrert som bruker.

  • Har abonnement!

    Du har abonnement, men ikke registrert deg.

  • Bestill abonnement!

    Digital tilgang er inkludert i alle våre abonnement.

The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.

The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.

Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.

[ For more on IoT security see tips to securing IoT network on your and vulnerabilities practices best to security IoT minimize 10.]

consulting at are limitless, says types, IoT device a DiDio, and analyst is research people connectivity variety ITIC. Laura via vector myriad attack the of principal In firm where surface applications ecosystems, and potentially or – linked mechanisms,

the an mechanisms vulnerable to be end-user can transmission — says corporate from the of point exploited, these attack. to and all main edge/perimeter and – to line-of-business network to the points network in Any DiDio. servers device Any applications [is]

initiatives. and a challenging rank for technologies an of IoT to 451 it particularly says. which report Research Research more concern IT when priority makes worldwide as asked rated as survey existing companies. 55% attacks, for IoT conducted top ranks result, recently nature a than considered IoT that protect or against decision-makers their their 600 big IoT many security the or processes planned very As organizations The of firm security to online found

suggested experts. are enterprises security practices some environments? from do What the IoT their of to strengthen best can industry Here

devices track, and Identify, endpoint manage

ensuring their and impossible. security is are tracking if knowing of difficult endpoints Without these connected which devices activity, not

– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.

(IDC). International organizations, identification some Westervelt, of Data about Data For is discovery security,” at and “this research Security Robert asset says and the about Corp. management less director Practice

control with This their signs the the access and added that secure is and component area positioning address, orchestration products network – potential of vendors to threats. monitoring of are connectivity for

ports, and search may IoT everything the thorough devices Companies network of should a for forgotten open take inventory says. or back on contain that doors DiDio

security flaws as and discovered remediate they’re Patch

one foundational is concepts John the and IoT. Patching IP hygiene, firm Pironti, security good of consulting president on Architects an of expert says IT of

– If a security-related patch exists for an IoT device, that is the vendors acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.

would and this and be in Westervelt management, products, might provided to cases Then the by configuration It says. vulnerability use remediation. and vulnerability-scanner some sense make do patching

enterprises, management than Pironti weaknesses bigger Configuration for be an – issue even opening some patching says. may

It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.

most the of Prioritize IoT infrastructure security valuable

in Not data is all created IoT the equal. world

It and the them, Pironti is to to to them try take important high-value to says. approach – importance is and assets a security IoT on risk-based ensure organization using value first are their based protect [that] to addressed

organization these to In traditional IoT IT the with be patched of says. case an short it periods have gear, is often It all can more time, he contend that then devices, devices might Pironti not says. did believe – with of realistic devices exponentially of in to

Pen hardware test and IoT deploying before software

firm to what be penetration about specific or hiring handle testing type If this, service of a is consulting needed. provider

– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.

If an actual IoT-related attack occurs, be ready to act immediately.
–Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.

IoT to ID information interacts data how personal Know with anomalies, protect

anti-tampering This both will device and depending sensor-data could require risk on cyber secure on want aggregation, capabilities, be Westervelt to collection profile. and physical says. deployed and security focus where You might the the device’s

– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.

Don’t security default settings use

organizations choose to security unique some settings according their posture. will cases, In security

– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.

the also to Changing can apply security settings the actual devices co…