Page 29 - Security Today, September 2019
P. 29
“Given the number and variety of networked de- vices available today, applications of IoT networks would seem to be limited only by the imagination.”
By Ryan Zatolokin
A great example of this would be sur- veillance cameras, which are different from other devices in that they often run on a segmented surveillance-only network and are not designed to tap into other systems. A much easier target would be a Windows computer, given that it might have access to more systems and probably has an Active Directory domain that provides access to a larger file system or to sensitive data itself. So when properly deployed and connected to the network, it would be highly unlikely that someone could use a camera to gain ac- cess to sensitive or personal information con- tained in another networked system.
Overcoming the Human Element
While strong tools, technologies and fea- tures are vital to supporting cybersecurity, they aren’t capable of addressing what tends to be the weakest link in cybersecurity: the human element.
That’s why it’s so important for organi- zations to set and apply standards and en- force policies across their systems, and to put policies in place to ensure best practices are followed throughout the organization. This should include guidelines regarding connect- ing personal devices like mobile phones or wireless access points to the network.
One of the biggest challenges organiza- tions face is simply knowing what’s deployed on their network. Depending on its size and specific needs, an organization may have hun- dreds or thousands of IoT devices and sen- sors deployed in one or multiple locations.
Thankfully there are technologies avail- able that can scan the network to identify every device that’s connected to it. In some cases, these solutions will even ensure that all devices from a particular manufacturer are properly configured according to a com- pany’s requirements and policies.
Armed with a solid understanding of the hardware, systems, and devices that are deployed on the network, organizations can then develop the processes and procedures for securing them. Part of this is mak- ing sure devices offer appropriate security features and can be hardened or updated through firmware.
Once policies have been put in place, it’s also important for an organization to have
the data they provide, the need to properly deploy, manage and secure those devices has become more urgent.
It’s one thing to have all this technology at your fingertips, but it’s another thing to understand the problems you’re trying to solve with that technology. Therefore, it is vital to start with the problem and iden- tify the technologies that offer solutions to those challenges.
Additionally, there is the fact that the more devices an organization has connect- ed to the network, the greater the potential for network breaches, as well as the need to manage the continually-growing number of devices on the network. By following some best practices, organizations can mitigate po- tential concerns in these and other areas to harness the true power of their IoT networks.
Addressing Vulnerabilities
All devices connected to a network repre- sent potential back doors that hackers could exploit to gain access to a network and the various systems to which it’s connected. Therefore, as evidenced by the number of high-profile breaches that seem to be occur- ring with alarming regularity, cybersecurity is a top priority for everyone.
Unfortunately, all networked devices and systems can be vulnerable, and in our connected world, the cybersecurity of a net- work is only as strong as the weakest device connected to it. Therefore, it is essential that all networked devices provide the level of security necessary to protect the overall system from the potentially catastrophic ef- fects of a breach.
Perhaps the biggest concern with net- worked devices is that they could be used by cybercriminals as a platform to breach other parts of a system, which could then be used to gather data or take down or hijack a sys- tem. In theory, any networked device can be used to attack another network device. For example, a vulnerable networked HVAC sys- tem could be used to gain access to a retailer’s overall network, which could provide hackers with access to POS and financial data, includ- ing customer names and credit card informa- tion that could be used for identity theft or other crime. Unfortunately, this is becoming more of a reality with each passing day.
Organizations can reduce the likelihood of a breached device serving as a back door for hackers to access other devices by seg- menting it, hardening it or isolating it in some way that protects the device to the best of their ability and keeps it separated from other systems and the sensitive information they contain. It is also necessary to continu- ally re-assess cybersecurity methods and pro- cedures to make sure they’re adequate for the threats that continue to emerge daily.
WWW.SECURITYTODAY.COM 27
ZinetroN/Shutterstock.com