The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.
The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.
Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.
– In IoT ecosystems, where myriad device types, applications and people are linked via a variety of connectivity mechanisms, the attack vector or surface is potentially limitless, says Laura DiDio, principal analyst at research and consulting firm ITIC.
– Any point in the network — from the network edge/perimeter to corporate servers and main line-of-business applications to an end-user device to the transmission mechanisms [is] vulnerable to attack. Any and all of these points can be exploited, says DiDio.
As a result, IoT security ranks as a big concern for many companies. Research firm 451 Research recently conducted an online survey of more than 600 IT decision-makers worldwide and found that 55% rated IoT security as their top priority when asked to rank which technologies or processes their organizations considered for existing or planned IoT initiatives. The very nature of IoT makes it particularly challenging to protect against attacks, the report says.
What can enterprises do to strengthen the security of their IoT environments? Here are some suggested best practices from industry experts.
Identify, track, and manage endpoint devices
Without knowing which devices are connected and tracking their activity, ensuring security of these endpoints is difficult if not impossible.
– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.
For some organizations, “this discovery and identification is about asset management and less about security,” says Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC).
– This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.
Companies should take a thorough inventory of everything on the IoT network and search for forgotten devices that may contain back doors or open ports, DiDio says.
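The inventory check described above, as an added example that is not part of the original article: it reconciles discovery-scan results against an asset register and flags devices that are on the network but not in the register, registered devices exposing ports beyond their approved set, and registered devices the scan did not see. The register layout, the value score, and every MAC, IP, device name and port set are constructed assumptions.

```python
# Added example: reconcile a discovery scan against the asset register.
# Every MAC, IP, device name and port set here is constructed sample data.

# Asset register: MAC -> (device name, approved open ports, business value 1-5)
REGISTER = {
    "00:11:22:aa:bb:01": ("lobby-camera", {443}, 2),
    "00:11:22:aa:bb:02": ("hvac-controller", {443, 502}, 5),
    "00:11:22:aa:bb:03": ("badge-reader", {443}, 4),
}

# Discovery results: (MAC, IP, open ports), as exported from a scanner or NAC tool.
SCAN = [
    ("00:11:22:aa:bb:01", "10.0.8.11", {23, 443}),
    ("00:11:22:aa:bb:02", "10.0.8.12", {443, 502}),
    ("00:11:22:aa:bb:99", "10.0.8.40", {80, 8080}),
]


def reconcile(register, scan):
    """Return findings: unknown devices first, then by descending asset value."""
    findings, seen = [], set()
    for mac, ip, ports in scan:
        seen.add(mac)
        if mac not in register:
            # On the network but never inventoried: a forgotten or rogue device.
            findings.append({"kind": "unknown-device", "device": mac,
                             "ip": ip, "ports": sorted(ports), "value": 0})
            continue
        name, approved, value = register[mac]
        extra = ports - approved
        if extra:
            # Inventoried device exposing services nobody approved.
            findings.append({"kind": "unexpected-ports", "device": name,
                             "ip": ip, "ports": sorted(extra), "value": value})
    for mac, (name, _approved, value) in register.items():
        if mac not in seen:
            # In the register but silent: moved, offline, or re-addressed.
            findings.append({"kind": "not-seen", "device": name,
                             "ip": None, "ports": [], "value": value})
    findings.sort(key=lambda f: (f["kind"] != "unknown-device", -f["value"]))
    return findings


if __name__ == "__main__":
    for f in reconcile(REGISTER, SCAN):
        print(f"{f['kind']:17} {f['device']:20} {f['ip']} {f['ports']}")
```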
Patch and remediate security flaws as they’re discovered
Patching is one of the foundational concepts of good IT security hygiene, says John Pironti, president of consulting firm IP Architects and an expert on IoT.
– If a security-related patch exists for an IoT device, that is the vendor’s acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.
It might make sense to use vulnerability and configuration management, and this would be provided in some cases by the vulnerability-scanner products, Westervelt says. Then do patching and remediation.
bigger issue even weaknesses may an opening – Pironti says. Configuration be management patching enterprises, some than for
It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.
Prioritize security of the most valuable IoT infrastructure
Not all data in the IoT world is created equal.
– It is important to take a risk-based approach to IoT security to ensure high-value assets are addressed first and try to protect them based on their value and importance to the organization [that] is using them, Pironti says.
In the case of IoT devices, an organization might have exponentially more devices to contend with than it did with traditional IT gear, Pironti says.
– It is often not realistic to believe that all of these devices can be patched in short periods of time, he says.
Pen test IoT hardware and software before deploying
If hiring a service provider or consulting firm to handle this, be specific about what type of penetration testing is needed.
– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.
If an actual IoT-related attack occurs, be ready to act immediately.
– Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.
Know how IoT interacts with data to ID anomalies, protect personal information
You will want to focus on secure sensor-data collection and aggregation, Westervelt says. This could require both cyber security and physical anti-tampering capabilities, depending on where the device might be deployed and the device’s risk profile.
– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.
Don’t use default security settings
In some cases, organizations will choose security settings according to their unique security posture.
– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.
Changing the security settings can also apply to the actual devices co…