Vil du fortsette å lese, velg et av alternativene nedenfor
The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.
The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.
Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.
[ For more on IoT security see tips to securing on network IoT your and vulnerabilities best to 10 minimize practices IoT security.]
research firm mechanisms, where ITIC. surface DiDio, limitless, says of vector are device IoT linked applications – attack ecosystems, Laura is connectivity and consulting a potentially analyst or principal at and variety types, myriad the via people In
the network [is] mechanisms can all to the DiDio. – point to corporate line-of-business says main of servers applications be Any from and exploited, points Any and attack. — these the network device in vulnerable transmission an end-user edge/perimeter to to
firm the a survey ranks than of many worldwide rated their security which As asked existing result, that attacks, or decision-makers technologies challenging IoT as considered when IoT for 451 more priority as conducted protect 55% found it Research big IoT The organizations top nature against to Research IoT planned or processes a 600 online their concern IT security and particularly makes initiatives. of recently says. to for very companies. rank an report
IoT strengthen What their experts. to do can are from of the environments? security practices suggested best industry some enterprises Here
track, Identify, endpoint and manage devices
security of activity, their if Without are is endpoints impossible. these which difficult ensuring devices and tracking knowing connected not
– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.
For Corp. is director Westervelt, at about management discovery research of organizations, Data asset and about Robert Practice some says the (IDC). identification Security less Data “this International security,” and
– connectivity to orchestration control the of address, positioning are secure This potential added that for the threats. and with and area of network their component vendors access monitoring signs is products
the inventory thorough or may devices network of DiDio Companies back take ports, forgotten open contain on doors and a for search that should everything IoT says.
flaws remediate security as they’re Patch and discovered
is hygiene, IT and expert IP president Patching on good of Pironti, says IoT. foundational an of concepts firm of security Architects one John the consulting
– If a security-related patch exists for an IoT device, that is the vendors acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.
provided configuration by vulnerability this sense products, would make and Westervelt Then cases in to It some says. do patching and use management, vulnerability-scanner the and might remediation. be
Configuration be may than enterprises, patching weaknesses Pironti issue management says. bigger opening – an some even for
It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.
security most infrastructure IoT the Prioritize of valuable
Not in world all data the is equal. IoT created
try using based says. them, Pironti the to risk-based assets organization value It their to take ensure high-value – them on and addressed is and to first a IoT are importance to protect important to security approach is [that]
says. more the time, he then says. with be these devices with gear, Pironti might of case is to contend to periods it traditional believe devices, It short that – patched not in an realistic of did devices IT have In all of exponentially organization IoT often can
test before IoT deploying Pen and software hardware
service be provider specific If of penetration this, consulting a testing type to about hiring or handle needed. what firm is
– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.
If an actual IoT-related attack occurs, be ready to act immediately.
–Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.
with to personal anomalies, protect data Know how interacts information ID IoT
secure Westervelt device capabilities, both sensor-data the says. want might be anti-tampering This physical cyber profile. and where aggregation, risk will and and the require depending deployed could device’s security focus on collection to on You
– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.
settings security Don’t use default
some posture. to security choose security according their settings In will cases, organizations unique
– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.
the actual also the co… settings can devices Changing to security apply