Secure the company against the Internet of Things

IDG NEWS: Every product or device that is connected to the internet is a security risk. Check which security measures are needed when the company adopts the Internet of Things.

The benefits of the internet of things are potentially great and can be achieved with less risk of harm by following these steps.

The Internet of Things (IoT) promises benefits for companies, including rich supplies of data that can help them more effectively serve their customers. There’s also a lot to be worried about.

Because so many devices, products, assets, vehicles, buildings, etc. will be connected, there is a possibility that hackers and other cyber criminals will try to exploit weaknesses.

– In IoT ecosystems, where myriad device types, applications and people are linked via a variety of connectivity mechanisms, the attack vector or surface is potentially limitless, says Laura DiDio, principal analyst at research and consulting firm ITIC.

– Any point in the network — from the network edge/perimeter to corporate servers and main line-of-business applications to an end-user device to the transmission mechanisms [is] vulnerable to attack. Any and all of these points can be exploited, says DiDio.

As a result, IoT security ranks as a big concern for many companies. Research firm 451 Research recently conducted an online survey of more than 600 IT decision-makers worldwide and found that 55% rated IoT security as their top priority when asked to rank which technologies or processes their organizations considered for existing or planned IoT initiatives. The very nature of IoT makes it particularly challenging to protect against attacks, the report says.

What can enterprises do to strengthen the security of their IoT environments? Here are some suggested best practices from industry experts.

Identify, track, and manage endpoint devices

Without knowing which devices are connected and tracking their activity, ensuring security of these endpoints is difficult if not impossible.

– This is a critical area, says Ruggero Contu, research director at Gartner Inc.
– One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.

For some organizations, “this is about asset management discovery and identification and less about security,” says Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC).

– This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.

Companies should take a thorough inventory of everything on the IoT network and search for forgotten devices that may contain back doors or open ports, DiDio says.
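
The inventory check described in this section, sketched as an added example that is not part of the original article: it compares an approved asset list with what a discovery scan saw, and flags unlisted devices, listed devices that were not seen, and ports outside each device's allowlist. All MAC addresses, device names and ports are constructed sample data, and `reconcile` is a hypothetical helper name.

```python
"""Reconcile an approved IoT asset inventory against observed network state."""

# Constructed sample data: approved inventory keyed by MAC address.
INVENTORY = {
    "00:11:22:aa:bb:01": {"name": "hvac-controller", "allowed_ports": {443}},
    "00:11:22:aa:bb:02": {"name": "lobby-camera", "allowed_ports": {443, 554}},
    "00:11:22:aa:bb:03": {"name": "badge-reader", "allowed_ports": {443}},
}

# Constructed sample data: discovery scan output (MAC -> open TCP ports).
OBSERVED = {
    "00:11:22:AA:BB:01": [443],
    "00:11:22:aa:bb:02": [443, 554, 23],  # telnet open, not on the allowlist
    "00:11:22:aa:bb:99": [80, 8080],      # device missing from the inventory
}


def normalize(mac):
    """Scanners and spreadsheets disagree on MAC case and separators."""
    return mac.strip().lower().replace("-", ":")


def reconcile(inventory, observed):
    """Return a list of (finding_type, mac, detail) tuples."""
    inv = {normalize(m): d for m, d in inventory.items()}
    obs = {normalize(m): set(p) for m, p in observed.items()}
    findings = []
    # Devices on the wire that nobody registered: the "forgotten" endpoints.
    for mac in sorted(obs.keys() - inv.keys()):
        findings.append(("unknown_device", mac, sorted(obs[mac])))
    # Registered devices the scan missed: offline, moved, or stale records.
    for mac in sorted(inv.keys() - obs.keys()):
        findings.append(("not_seen", mac, inv[mac]["name"]))
    # Known devices exposing ports beyond what they were approved for.
    for mac in sorted(inv.keys() & obs.keys()):
        extra = obs[mac] - inv[mac]["allowed_ports"]
        if extra:
            findings.append(("unexpected_ports", mac, sorted(extra)))
    return findings


if __name__ == "__main__":
    for kind, mac, detail in reconcile(INVENTORY, OBSERVED):
        print(f"{kind:17} {mac}  {detail}")
```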

Patch and remediate security flaws as they’re discovered

Patching is one of the foundational concepts of good IT security hygiene, says John Pironti, president of consulting firm IP Architects and an expert on IoT.

– If a security-related patch exists for an IoT device, that is the vendor's acknowledgement of a weakness in their devices and the patch is the remediation, Pironti says.
– Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.

It would make sense to use vulnerability and configuration management, and in some cases this might be provided by the vulnerability-scanner products, Westervelt says. Then do patching and remediation.

– Configuration management may be an even bigger issue than patching for some enterprises, opening weaknesses, Pironti says.

It’s important to remember that IoT patch management is often difficult, Contu says.
– This is why it is important to do a full asset-discovery to identify where organizations are potentially vulnerable, he says.
– There is as a result the need to seek out alternative measures and models to apply security, given [that] patching is not always possible. Monitoring network traffic is one way to compensate for the inability to apply patches, Contu says.

Prioritize security of the most valuable IoT infrastructure

Not all data in the IoT world is created equal.

– It is important to take a risk-based approach to IoT security to ensure high-value assets are addressed first and try to protect them based on their value and importance to the organization [that] is using them, Pironti says.

In the case of IoT devices, an organization might have to contend with exponentially more devices than it did with traditional IT gear, Pironti says.
– It is often not realistic to believe that all of these devices can be patched in short periods of time, he says.

Pen test IoT hardware and software before deploying

If hiring a service provider or consulting firm to handle this, be specific about what type of penetration testing is needed.

– The pen testers I speak to do network penetration tests along with ensuring the integrity of network segmentations, Westervelt says.
– Some environments will require an assessment of their wireless infrastructure. I believe application penetration testing is a slightly lower priority within IoT for now, with exception for certain use cases. Penetration testing should be part of a broader risk assessment program, Contu says.
– We expect an increasing demand for security certification [related to] these activities, he says.

If an actual IoT-related attack occurs, be ready to act immediately.
– Construct a security response plan and issue guidance and governance around it, DiDio says.
– Put together a chain of responsibility and command in the event of a successful penetration.

Know how IoT interacts with data to ID anomalies, protect personal information

You will want to focus on secure sensor-data collection and aggregation, Westervelt says. This could require both cyber and physical security anti-tampering capabilities, depending on where the device might be deployed and the device’s risk profile.

– It may require hardware and/or software encryption – depending on the sensitivity of the data being collected – and PKI [public key infrastructure] to validate device, sensors and other components, Westervelt says.
– Other IoT devices like point-of-sale systems may require whitelisting, operating-system restrictions and possibly anti-malware, depending on the device functionality.

Don’t use default security settings

In some cases, organizations will choose security settings according to their unique security posture.

– If a network security appliance is being implemented in a critical juncture, some organizations may choose to deploy it in passive mode only, Westervelt says.
– Remember that with industrial processes – where we are seeing IoT sensors and devices being deployed – there may be no tolerance for false positives. Blocking something important could cause an explosion or even trigger a shutdown of industrial machinery, which can be extremely costly.

Changing the security settings can also apply to the actual devices co…