Cyber security: IP cameras, building access systems, sensors on assembly lines and printers connected to the Internet are blurring the boundary between companies and the Internet and enlarging the attack surface. Four arguments for a "security perspective" on the Internet of Things.
Anyone who wants to protect themselves against attackers entering through the Internet of Things needs more information about, and visibility into, the IoT hardware, which means extending endpoint security beyond classic endpoints. This applies to all companies, and especially to manufacturing and healthcare, which integrate IoT directly and deeply into their processes.
New IoT hardware driven by the pandemic
The Internet of Things is a core technology for mobilizing employees and digitizing processes, and the pandemic has further increased the amount of deployed IoT hardware. Companies in manufacturing and healthcare have driven this trend and increasingly use IoT as a key technology to add new functions and streamline processes. Connecting almost any piece of hardware via WiFi or Bluetooth is immediate and simple. Often too simple, with serious cyber security consequences.
According to the Verizon Mobile Security Index 2021, the number of IoT devices grew by nine percent to 12.3 billion worldwide in 2021. 31% of those responsible for purchasing, managing and securing IoT devices surveyed by Verizon admitted that attackers had compromised their IoT. Two-thirds of these reported major impacts: 59% reported a system failure, 56% a loss of data and 29% had to pay compliance fines. 41% of respondents admitted to sacrificing IoT security just to get the job done.
Danger zone at the edge of the infrastructure
So digital progress has its risks. Anything that can be installed quickly develops a life of its own just as quickly, and cyber security was and often still is neglected. Manufacturing and healthcare in particular rarely give it high priority, with major consequences for IoT security. Security officers should never underestimate attacks via the Internet of Things: complex Advanced Persistent Threat (APT) attacks are often hidden behind them, with the device serving only as the initial foothold from which far-reaching attacks on other targets are carried out.
Taking action against the risks from the Internet of Things requires a comprehensive view of the inevitably expanded attack surface. IoT devices such as security cameras, Internet-connected displays, medical devices and sensors on the production floor, or routers in the home office are often not managed centrally, so updates can only be applied with great difficulty, if at all. It is also usually too expensive, or simply impossible, to install an endpoint detection and response agent on the countless IoT endpoints. A particular risk arises from the fact that many IoT systems cannot simply be switched off in the event of an incident, such as a sensor on an assembly line or a medical device in patient care.
Known vulnerabilities, unknown systems
Then there are the inherent risks of many devices connected to the Internet. Developers often do not consider IT security at all, unlike with PC systems or smartphones. Too many IoT devices ship with hard-coded or publicly known default passwords that work for an attacker until a user changes them. Many devices have unpatched vulnerabilities for which the manufacturer never releases a fix. Attackers use automated tools such as Wireshark, Nmap, Fiddler, Metasploit or Maltego, originally developed for legitimate network analysis, penetration testing and open-source intelligence, to find the resulting gaps and then search the Internet for the matching hardware. Unfortunately, search services like Shodan are used not only by administrators but also by cyber attackers.
The vulnerabilities are known, but the devices are often invisible to the IT administrator. Users, for example in individual business units, deploy IoT systems without thinking about IT security or informing corporate IT. This creates shadow IT without any patch management and without any way of managing the devices on an ongoing basis. Many IoT services are also cloud-based, so security solutions that do not monitor cloud services have a dangerous blind spot.
An endpoint-independent, cloud-based security perspective
IoT endpoints require a new overview of the IT security situation that takes into account intelligent devices with an Internet connection and not just classic endpoints such as PCs, servers or smartphones. Extended Detection and Response (XDR), which correlates security-relevant information from an extended set of sources, provides the necessary foresight.
Native XDR differs from open XDR. Both approaches help to gain greater visibility into your IT and improve telemetry analysis.
Native XDR solutions use multiple tools and technologies from a single vendor to extract information from an expanded set of sources. Such single-source technology is particularly suitable for smaller companies that want to use XDR immediately. Open XDR is vendor-independent: it sits on top of a bundle of security technologies and centralizes the existing telemetry sources. This gives security teams a unified view and brings together all the analysis and capabilities needed to identify and mitigate threats. With this open approach, larger companies can continue to use existing solutions from other vendors, which have often been purchased for a considerable amount of money.
Four benefits for better detection and defense
Anyone who evaluates IoT-relevant information sources can improve the security of connected devices:
- Hardware inventory: As more telemetry sources are leveraged, IT teams gain a better understanding of the hardware on their network and can use it to identify and secure IoT devices.
- Faster detection and response: IT administrators and security professionals can respond better to indications of a compromised system or anomalous behavior of an IoT device, such as login attempts by an unauthorized user, unusually frequent and therefore suspicious login attempts, or activity outside business hours.
- Better maintenance and targeted patch management: IT administrators can see more clearly which security gaps need to be closed and which updates are necessary. This is especially important for IoT devices, whose vulnerabilities are often already known to attackers.
- Correlated information in context: XDR aims to use disparate and cloud-based data sources and view them in context. Cloud information can provide more detail about attacks, events and compromised IT, which enables IT security officers to anticipate attacks better. This is particularly important for the often cloud-based IoT services.
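The inventory and detection items above are easier to grasp with concrete rules. The following is an added example, not code from the article or from Bitdefender: three simple correlation rules of the kind an XDR pipeline applies to IoT login telemetry, run over a constructed log. The log format, the device inventory, the business hours and the brute-force threshold are all assumptions made for this example.

```python
"""
Added example, not code from the Bitdefender article: three correlation
rules over IoT login telemetry. Log format, inventory, business hours and
the brute-force threshold are assumptions made for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

# Constructed sample telemetry (not real data). One login attempt per line:
# <ISO timestamp> <device> <source IP> <user> <ok|fail>
SAMPLE_LOG = """\
2024-03-04T09:12:01 cam-lobby-01 10.0.5.23 admin ok
2024-03-04T09:12:44 cam-lobby-01 10.0.5.23 admin ok
2024-03-04T10:03:10 hvac-ctrl-02 10.0.9.14 service ok
2024-03-04T13:15:00 cam-dock-07 185.220.101.5 admin fail
2024-03-04T13:15:02 cam-dock-07 185.220.101.5 admin fail
2024-03-04T13:15:03 cam-dock-07 185.220.101.5 root fail
2024-03-04T13:15:05 cam-dock-07 185.220.101.5 admin fail
2024-03-04T13:15:07 cam-dock-07 185.220.101.5 admin fail
2024-03-04T13:15:09 cam-dock-07 185.220.101.5 admin ok
2024-03-05T02:41:18 infusion-pump-11 10.0.9.14 service ok
2024-03-05T08:30:00 printer-3f-01 10.0.5.23 admin ok
"""

# Hypothetical asset inventory: the devices corporate IT knows about.
KNOWN_DEVICES = frozenset({"cam-lobby-01", "cam-dock-07", "hvac-ctrl-02", "infusion-pump-11"})

BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)   # assumed working hours
FAIL_THRESHOLD, FAIL_WINDOW = 4, timedelta(seconds=60)  # assumed brute-force rule


def parse_log(text):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, src, user, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "device": device,
                       "src": src, "user": user, "ok": result == "ok"})
    return events


def detect(events, inventory=KNOWN_DEVICES):
    """Return findings as (rule, device, detail) tuples, in detection order."""
    findings = []
    seen_unknown = set()
    failures = defaultdict(deque)   # (device, src) -> timestamps of recent failures
    in_bruteforce = set()           # (device, src) keys currently over the threshold
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["device"], ev["src"])
        # Rule 1: a device that produces telemetry but is not in the inventory (shadow IoT).
        if ev["device"] not in inventory and ev["device"] not in seen_unknown:
            seen_unknown.add(ev["device"])
            findings.append(("unknown_device", ev["device"], f"first seen from {ev['src']}"))
        if not ev["ok"]:
            # Rule 2: sliding window of failed logins from one source to one device.
            window = failures[key]
            window.append(ev["ts"])
            while ev["ts"] - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and key not in in_bruteforce:
                in_bruteforce.add(key)
                findings.append(("bruteforce", ev["device"],
                                 f"{len(window)} failures from {ev['src']} within {FAIL_WINDOW.seconds}s"))
            continue
        # Rule 2b: a success right after the burst is the stronger signal (likely guessed password).
        if key in in_bruteforce:
            in_bruteforce.discard(key)
            failures[key].clear()
            findings.append(("bruteforce_success", ev["device"], f"{ev['user']} from {ev['src']}"))
        # Rule 3: successful login outside business hours.
        if not BUSINESS_START <= ev["ts"].time() < BUSINESS_END:
            findings.append(("off_hours_login", ev["device"],
                             f"{ev['user']} at {ev['ts'].isoformat()}"))
    return findings


if __name__ == "__main__":
    for rule, device, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{rule:<20} {device:<18} {detail}")
```

On the constructed log the rules produce four findings: a brute-force burst against cam-dock-07 followed by a successful login from the same source, an off-hours login to infusion-pump-11, and printer-3f-01 appearing in telemetry without ever having been inventoried. The order of the checks matters: the unknown-device rule runs on every event so that shadow devices are reported even when their logins look benign, and the window is keyed on device and source so that legitimate users on other devices do not inflate the count.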
To the extent that IoT expands classic IT and its attack surface, IT defense must broaden its perspective in return, because IT security grows above all with the completeness and quality of the available information. That task, in turn, grows with the ever-expanding fleet of Internet-connected equipment.
More at Bitdefender.com
About Bitdefender: Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered excellent security products and intelligent protection for devices, networks and cloud services for consumers and businesses. As the supplier of choice for many vendors, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de