Protecting Internet of Things (IoT)

I had fish tanks as a kid.  I enjoyed taking care of the fish and watching them grow.  Never in my life would I imagine that hackers would use a fish tank thermometer to breach a casino!  That breach has been in the news for years and it’s one more crazy example of the vulnerabilities in IoT (Internet of Things) devices.

Name an industry and you'll find IoT - medical devices, ATMs, security cameras, heating, ventilation, and air conditioning (HVAC) systems, Programmable Logic Controllers (PLCs), vending machines, baby monitors, the list goes on and on.  One study found over 2,000 devices that were vulnerable to just seven easy exploits.  Attackers breach these devices, grab sensitive data, cause disruptions and in the worst case scenario, move laterally in a network to take it over.  

It doesn’t have to be that hard either.  A 2017 study found 15% of IoT devices had default passwords.  The UK currently has legislation proposing to fine IoT manufacturers that use default passwords.    

How do you protect yourself when maintenance asks if they can connect the new break room vending machine to the network?  How can you determine where these devices are located, if they have vulnerabilities or default passwords?

  • Scan your IoT networks with a Vulnerability Management Program (VMP).  Regular scanning with a VMP will help uncover issues and help focus patching and remediation efforts.  Regular scanning will also help identify new IoT devices like that vending machine.
  • Patch and update.  Establish a patch management process and update regularly.  A good VMP will make this a lot easier.
  • Segment IoT from the rest of the network and heavily restrict lateral and egress movement.
  • Conduct Penetration Tests on a regular basis to verify that your remediation efforts are working.
  • Adopt secure password practices.

If you have concerns about IoT or how to mitigate threats from this technology, please reach out.  NetWorks Group has been helping companies like yours secure their environments for over 25 years. We have tools and services that can help you identify threats like these in your environment and provide risk-informed guidance on remediation and containment.  Running a business securely should not be hard!

###

Authored By: Scot Armstrong, Account Manager, NetWorks Group

Publish Date: October 18, 2022

Subscribe to get new content! Never miss a security update from the team.

Security news, tips, webinars, and more straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.