The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.
The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.
Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.
– In IoT ecosystems, where myriad device types, applications and people are linked via a variety of connectivity mechanisms, the attack vector or surface is potentially limitless, says Laura DiDio, principal analyst at research and consulting firm ITIC.
– Any point in the network — from the network edge/perimeter to corporate servers and main line-of-business applications to an end-user device to the transmission mechanisms [is] vulnerable to attack. Any and all of these points can be exploited, says DiDio.
As a result, IoT security ranks as a big concern for many companies. Research firm 451 Research recently conducted an online survey of more than 600 IT decision-makers worldwide and found that 55% rated IoT security as their top priority when asked to rank which technologies or processes their organizations considered for existing or planned IoT initiatives. The very nature of IoT makes it particularly challenging to protect against attacks, the report says.
What can enterprises do to strengthen the security of their IoT environments? Here are some suggested best practices from industry experts.
Identify, track, and manage endpoint devices
Without knowing which devices are connected and tracking their activity, ensuring security of these endpoints is difficult if not impossible.
– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.
For some organizations, “this is about discovery and identification and less about asset management security,” says Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC).
– This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.
Companies should take a thorough inventory of everything on the IoT network and search for forgotten devices that may contain back doors or open ports, DiDio says.
Patch and remediate security flaws as they’re discovered
Patching is one of the foundational concepts of good IT security hygiene, says John Pironti, president of consulting firm IP Architects and an expert on IoT.
– If a security-related patch exists for an IoT device, that is the vendor's acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.
It might make sense to use vulnerability and configuration management, and this would be provided in some cases by the vulnerability-scanner products, Westervelt says. Then do patching and remediation.
– Configuration management weaknesses may be opening an even bigger issue than patching for some enterprises, Pironti says.
It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.
Prioritize security of the most valuable IoT infrastructure
Not all data in the IoT world is created equal.
– It is important to take a risk-based approach to IoT security to ensure high-value assets are addressed first and try to protect them based on their value and importance to the organization [that] is using them, Pironti says.
In the case of IoT devices, an organization might have to contend with exponentially more devices than it did with traditional IT gear, he says.
– It is often not realistic to believe that all of these devices can be patched in short periods of time, Pironti says.
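The inventory and risk-based prioritization steps described above, combined in an added example that is not part of the original article: it compares an approved asset inventory with what network discovery observed, flags unknown devices and unexpected open ports, and orders the findings so high-value assets come first. All device records, the `value` score and the triage default for unknown devices are constructed assumptions.

```python
# Constructed sample data: the approved asset inventory (MAC -> record).
# "value" is a hypothetical 1-5 business-importance score set by the asset owner.
INVENTORY = {
    "00:11:22:aa:bb:01": {"name": "hvac-controller", "value": 5, "allowed_ports": {443}},
    "00:11:22:aa:bb:02": {"name": "lobby-camera", "value": 2, "allowed_ports": {443, 554}},
    "00:11:22:aa:bb:03": {"name": "pos-terminal", "value": 4, "allowed_ports": {443}},
}

# Constructed sample data: what discovery/scanning actually saw (MAC -> open ports).
OBSERVED = {
    "00:11:22:aa:bb:01": {443, 23},    # inventoried, but an extra port is open
    "00:11:22:aa:bb:02": {443, 554},   # matches the inventory
    "00:11:22:aa:bb:99": {80, 8080},   # forgotten or unknown device
}

UNKNOWN_DEVICE_VALUE = 5  # assumption: unidentified devices are triaged as high priority


def reconcile(inventory, observed):
    """Return findings sorted so the highest-value assets are addressed first."""
    findings = []
    for mac, ports in observed.items():
        record = inventory.get(mac)
        if record is None:
            findings.append({"mac": mac, "name": None, "issue": "not in inventory",
                             "ports": sorted(ports), "value": UNKNOWN_DEVICE_VALUE})
            continue
        unexpected = ports - record["allowed_ports"]
        if unexpected:
            findings.append({"mac": mac, "name": record["name"],
                             "issue": "unexpected open ports",
                             "ports": sorted(unexpected), "value": record["value"]})
    # Inventoried devices that discovery never saw also need follow-up.
    for mac, record in inventory.items():
        if mac not in observed:
            findings.append({"mac": mac, "name": record["name"],
                             "issue": "inventoried but not seen",
                             "ports": [], "value": record["value"]})
    findings.sort(key=lambda f: (-f["value"], f["mac"]))
    return findings


if __name__ == "__main__":
    for f in reconcile(INVENTORY, OBSERVED):
        print(f"value={f['value']} {f['mac']} {f['name'] or 'UNKNOWN'}: {f['issue']} {f['ports']}")
```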
Pen test IoT hardware and software before deploying
If hiring a service provider or consulting firm to handle this, be specific about what type of penetration testing is needed.
– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.
If an actual IoT-related attack occurs, be ready to act immediately.
– Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.
Know how IoT interacts with data to ID anomalies, protect personal information
You will want to focus on secure sensor-data collection and aggregation, Westervelt says. This could require both cyber security and physical anti-tampering capabilities, depending on where the device might be deployed and the device’s risk profile.
– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.
Don’t use default security settings
In some cases, organizations will choose security settings according to their unique security posture.
– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.
Changing the security settings can also apply to the actual devices co…