Security and the Internet of Things: it’s not about protecting the device, it’s all about the network
The Internet of Things has always been a security nightmare. A multitude of easily hackable devices outside the security perimeter, often physically unprotected, sometimes remotely located – and all directly connected to your network. It is hardly surprising that businesses have shied away from large-scale adoption.
And the mass hack of 2016, which used connected devices ranging from digital recorders to smart fridges to bring down sites such as PayPal and Twitter, seemed to prove the point. IoT is too great a threat.
But is it?
The problem I have with this is twofold. One, the issue isn’t the threat, it’s the way the threat has been managed to date. And two, IoT is already here – businesses that shy away are going to find their industries uberised unless they adapt very quickly. We are talking survival here, and that is why it is imperative businesses stop looking for excuses and start looking at the many solutions and strategies out there which can enable secure IoT.
So where to begin?
Yes, it is easy to hack an IoT device, but often the real danger to your business is that the IoT network is then used as a staging point to launch a more critical attack on your corporate environment. For organisations that truly rely on IoT to trade, such as utilities or manufacturers, it’s about protecting the core assets and about damage limitation.
It’s essential to acknowledge that the threats will always be out there – and that they will change and evolve. Autosploit – a recently released hacking toolkit which uses AI and needs no real technical knowledge to implement – is a great example of this. But the basis of any attack remains largely the same and has done for some time: infiltrate, expand and conquer.
For too long we’ve concentrated on building bigger and thicker walls and on preventing the attack in the first place, kind of creating a hard, crunchy shell with a soft centre.
The answer is to use every available resource in combination: to prevent the attack where possible; to contain a successful attack and prevent or limit the damage; and at all times to understand what has happened, to enable remediation.
As we have already established, a secure perimeter and IoT do not necessarily go hand in hand. The devices by their very nature are hard to secure. Unlike a PC, we cannot arm the device with antivirus or advanced malware protection. And hackers know this. Devices are too vulnerable and too much of an opportunity; it is almost too easy for hackers not to at least try. You have to work on the assumption that a device could be hacked and consider what the consequences might be. And this is where tools like network segmentation or micro segmentation come in.
Micro segmentation allows you to deploy strong policies around what your IoT devices or groups of devices can and cannot access. Ask simple questions like, “should your CCTV device be trying to access your HR systems?” Probably not, so don’t allow it by default, and if you see that sort of activity, you can act immediately to examine the conversation and shut it down if it’s undesirable, knowing that your systems are safe.
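A default-deny policy of the kind described above, as an added example that is not part of the original article: each device group gets an explicit allowlist, and any other flow from an IoT segment is denied and surfaced for examination. The segment names, subnets, ports and flow records are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Segment names, subnets and ports are constructed for illustration.
SEGMENTS = {"cctv": ipaddress.ip_network("10.20.0.0/24"),
            "hvac": ipaddress.ip_network("10.30.0.0/24")}
SERVICES = {"video-recorder": ipaddress.ip_network("10.50.1.10/32"),
            "ntp": ipaddress.ip_network("10.50.0.5/32"),
            "hr-systems": ipaddress.ip_network("10.60.0.0/24")}
# Allowlist of (source segment, destination service, protocol, port).
# Anything not listed here is denied by default.
ALLOW = {("cctv", "video-recorder", "tcp", 554),
         ("cctv", "ntp", "udp", 123),
         ("hvac", "ntp", "udp", 123)}

Flow = namedtuple("Flow", "src dst proto port")

def _lookup(addr, table):
    """Name of the first network in table containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in table.items() if ip in net), None)

def evaluate(flow):
    """Return (verdict, source segment, destination service) for one flow."""
    seg, svc = _lookup(flow.src, SEGMENTS), _lookup(flow.dst, SERVICES)
    if seg is None:
        return ("ignore", None, svc)  # not an IoT source: out of scope here
    allowed = (seg, svc, flow.proto, flow.port) in ALLOW
    return ("allow" if allowed else "deny", seg, svc)

def denied_flows(flows):
    """IoT flows blocked by the policy, as (flow, segment, service) tuples."""
    results = ((f, evaluate(f)) for f in flows)
    return [(f, seg, svc) for f, (verdict, seg, svc) in results if verdict == "deny"]

# Constructed flow records standing in for switch/firewall flow logs.
SAMPLE = [
    Flow("10.20.0.17", "10.50.1.10", "tcp", 554),  # camera -> recorder
    Flow("10.20.0.17", "10.60.0.8", "tcp", 443),   # camera -> HR system
    Flow("10.30.0.4", "10.50.0.5", "udp", 123),    # HVAC -> NTP
    Flow("10.30.0.4", "10.20.0.17", "tcp", 23),    # HVAC -> camera, lateral
    Flow("192.168.1.5", "10.60.0.8", "tcp", 443),  # non-IoT source
]

if __name__ == "__main__":
    for f, seg, svc in denied_flows(SAMPLE):
        print(f"DENY {seg} {f.src} -> {svc or 'unlisted'} {f.dst} {f.proto}/{f.port}")
```

Because the rule set is an allowlist, the camera-to-HR flow and the device-to-device flow are both denied without anyone having written a rule that anticipates them.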
Of course, if we’re to beat the hackers and their automated hacking tools, we need to be able to handle all of this in real time, with little or no human intervention. That means taking time to develop a strong but appropriate security policy, implementing a set of co-operating technical solutions embedded within the network and wrapping around that a workable event management policy. It’s about implementing a layered security approach, using multiple products that enable you not just to protect your perimeter, but to reduce your time to detection and understand (and remediate) the results of any intrusion.
The good news…
…is that the approach businesses need to take to protect themselves always stays the same. It’s about implementing a layered security approach, using multiple products that enable you not just to protect your perimeter, but to reduce your time to detection and understand (and remediate) the results of any intrusion.