The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.
The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.
Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.
– In IoT ecosystems, where myriad device types, applications and people are linked via a variety of connectivity mechanisms, the attack vector or surface is potentially limitless, says Laura DiDio, principal analyst at research and consulting firm ITIC.
– Any point in the network — from the network edge/perimeter to corporate servers and main line-of-business applications to an end-user device to the transmission mechanisms [is] vulnerable to attack. Any and all of these points can be exploited, says DiDio.
As a result, IoT security ranks as a big concern for many companies. Research firm 451 Research recently conducted an online survey of more than 600 IT decision-makers worldwide and found that 55% rated IoT security as their top priority when asked to rank which technologies or processes their organizations considered for existing or planned IoT initiatives. The very nature of IoT makes it particularly challenging to protect against attacks, the report says.
What can enterprises do to strengthen the security of their IoT environments? Here are some suggested best practices from industry experts.
Identify, track, and manage endpoint devices
Without knowing which devices are connected and tracking their activity, ensuring security of these endpoints is difficult if not impossible.
– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.
For some organizations, “this discovery and identification is about asset management and less about security,” says Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC).
– This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.
Companies should take a thorough inventory of everything on the IoT network and search for forgotten devices that may contain back doors or open ports, DiDio says.
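One way to run the inventory check described above, as an added example that is not part of the original article: it compares an asset register with what a discovery scan reports and lists untracked devices, unexpected open ports, and registered devices that were not seen. The register layout, the scan-result tuples and every MAC, IP and port value are constructed assumptions.

```python
# Added example: reconcile an asset register against devices observed on the network.
# All records below are constructed sample data (names, MACs, IPs and ports are made up).

ASSET_REGISTER = {
    # mac -> (name, set of ports the device is expected to expose)
    "00:11:22:aa:bb:01": ("lobby-camera", {443, 554}),
    "00:11:22:aa:bb:02": ("hvac-controller", {443}),
    "00:11:22:aa:bb:03": ("badge-reader", {443}),
}

OBSERVED = [
    # (mac, ip, open ports) as a discovery scan or NAC export might report them
    ("00:11:22:AA:BB:01", "10.20.0.11", {443, 554, 23}),
    ("00:11:22:aa:bb:02", "10.20.0.12", {443}),
    ("00:11:22:aa:bb:99", "10.20.0.57", {80, 8080}),
]


def reconcile(register, observed):
    """Return untracked devices, unexpected open ports, and registered devices not seen."""
    findings = {"untracked": [], "unexpected_ports": [], "not_seen": []}
    seen = set()
    for mac, ip, ports in observed:
        mac = mac.lower()  # normalise so register lookups are case-insensitive
        seen.add(mac)
        if mac not in register:
            # Device is on the network but nobody has it on record.
            findings["untracked"].append((mac, ip, sorted(ports)))
            continue
        name, expected = register[mac]
        extra = ports - expected
        if extra:
            # Known device exposing a service it is not supposed to offer.
            findings["unexpected_ports"].append((name, ip, sorted(extra)))
    for mac, (name, _) in register.items():
        if mac not in seen:
            # Registered but silent: possibly retired, moved, or forgotten.
            findings["not_seen"].append((name, mac))
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(ASSET_REGISTER, OBSERVED).items():
        for item in items:
            print(kind, item)
```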
Patch and remediate security flaws as they’re discovered
Patching is one of the foundational concepts of good IT security hygiene, says John Pironti, president of consulting firm IP Architects and an expert on IoT.
– If a security-related patch exists for an IoT device, that is the vendor’s acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.
It might make sense in some cases to use vulnerability and configuration management, and this would be provided by the vulnerability-scanner products, Westervelt says. Then do patching and remediation.
– Configuration management weaknesses may be opening an even bigger issue than patching for some enterprises, Pironti says.
It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.
Prioritize security of the most valuable IoT infrastructure
Not all data in the IoT world is created equal.
– It is important to take a risk-based approach to IoT security to ensure high-value assets are addressed first and try to protect them based on their value and importance to the organization [that] is using them, Pironti says.
In the case of IoT devices, an organization might have exponentially more devices to contend with than it did with traditional IT gear, Pironti says. – It is often not realistic to believe that all of these devices can be patched in short periods of time, he says.
Pen test IoT hardware and software before deploying
If hiring a service provider or consulting firm to handle this, be specific about what type of penetration testing is needed.
– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.
If an actual IoT-related attack occurs, be ready to act immediately.
– Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.
Know how IoT interacts with data to ID anomalies, protect personal information
You might want to focus on secure sensor-data collection and aggregation, Westervelt says. This could require both cyber security and physical anti-tampering capabilities, depending on where the device will be deployed and the device’s risk profile.
– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.
Don’t use default security settings
In some cases, organizations will choose security settings according to their unique security posture.
– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.
Changing the security settings can also apply to the actual devices co…