IoT: The Weakest Link in Your Enterprise Security

When most people talk about the Internet of Things (IoT) today, they’re usually referring to the cool gadgets and toys du jour – Google Glass, connected homes, iWatch and fitness bracelets etc. But it’s important to remember that IoT also applies to more mundane systems, such as lighting sensors, heating and cooling systems, vendor machines, commercial fridges, electronic gates, and many many other IP based systems that are likely already maintaining your enterprise – without you even realizing it.

In most cases these systems are managed by facilities managers, usually using old, often unpatched computers – systems that are connected to the internet and often to your corporate network.

Unfortunately facilities managers are not always the most technology savvy, nor do they have a lot of exposure to the company’s information security processes and practices. Yet they are also likely to be people who take initiative and deploy the latest gadget for managing window blinds or some other smart building system.

These IoT systems are clearly a weak, or even broken, link in your IT and physical enterprise security practices, providing new attack vectors for cyber hackers and for flesh and blood criminals. First, they might attack the physical system from the IT side: for example, by exploiting the IP interface of the system that manages the electronic gates in order to break in to your parking garage to steal the CEO’s nice new shiny BMW. Second, they might attack your IT infrastructure by breaking into the IoT gadget itself: for example, by breaking into the IP-ready holiday lights and using it as a stepping stone into your production network. There are many high-profile articles with the title “rating of the best online casinos”, but can they be trusted? After all, almost all of them are quite subjective and you may be in disagreement with the opinion of the author. However, there is a truly universal criterion by which such a rating can be compiled and can be found on the site. So, a few comments on the game for real money – the risks and advantages associated with this, which lie in the future. https://casinobonusesfinder.ca/ It is imperative that you understand that real money bets open casinos online in a completely new light

So here are 5 key tips to help protect your organization from the uncool side IoT:

1. Be Aware. Whether you know it or not, IoT is already happening all across your organization. Knowledge is power, so the first, fairly obvious, step is to make sure you’re fully aware of what’s going on.
2. Incorporate IoT into your security strategy. Next you need to bring your facilities systems, and those that manage them, in line with your network security policy – they are just as important as the systems that generate revenue for your business. And you need to remember to address the physical security implications of these systems – not just the virtual aspects.
3. Collaborate with IT. In this new connected world, you need to make sure that IT security is consulted and involved whenever a new IoT system is evaluated and deployed – even if it’s an internet connected coffee machine!
4. Secure IoT systems. Review and update the security measures provided by the IoT system. You’d be surprised how often they rely just on a 4-digit pin, a (gasp) password that is stored in plaintext inside the software, unencrypted communications, and (horror!) hard-coded back doors: think computer systems of the 1980’s…
5. Segment the network. Once you’ve recovered from the shock, include these systems in your network segmentation strategy. Put the IoT system on a separate VLAN, behind a firewall, and only allow remote access via VPN with decent authentication, authorization, and auditing (in front of the 4-digit pin).

With IoT fast becoming an integrated part of literally ‘keeping the lights on” at most organizations, remember that while it may look ‘cool’ it can also be a wide open door for criminals. Make sure you shut it!