Shield endpoints with IoT device security best practices
IT administrators must implement best practices, including segmenting the network, encrypting data and shutting down unused devices, to ensure the security of IoT devices.
With the number of IoT devices in the world snowballing, security habits that target endpoint protection have become indispensable for IoT deployments.
Endpoint security is the practice of locking down all edge devices that connect to a corporate network to prevent them from becoming entry points that hackers can exploit.
As IoT devices proliferate in the corporate world, so do the risks caused by edge devices. Analysts expect the IoT growth curve to climb. Enterprise IoT spending is predicted to increase by 24% in 2021, and after that grow annually by 26.7%, according to an IoT Analytics report.
IoT endpoints can encompass everything from wireless sensors and surveillance cameras to connected thermostats. Nearly every day, security researchers find new malware that targets the weak protection of IoT devices. Common vulnerabilities that IT administrators must look for in IoT deployments include insecure components, open ports and poor error tracking habits. However, IT admins can take steps to ensure that their company has a fleet of IoT devices that are resistant to potential attackers.
How to implement IoT device security
Here we look at seven best practices for securing the IoT devices running on corporate networks:
1. Device discovery
IT administrators must first identify how many IoT devices connect to their network. The IT team must maintain an up-to-the-minute list of the IoT gadgets that are linked and in use. The list should include the device model numbers and the hardware and software. Security managers must determine what threat characteristics each device presents and how the device interacts with the other connected units on the network. IT administrators can also use the connected devices list when preparing network segmentation.
2. Network segmentation
With the explosion of IoT devices, organizations must do more to protect their network. Tiny IoT units, such as smart readers and connected lightbulbs, still present a network vulnerability because they have storage and an OS. IT administrators can address these vulnerabilities with network access control tools that continually monitor devices in their ecosystem. A zero-trust security policy also secures any attempt to connect to the corporate network.
As the use of IoT devices expands, organizations have developed microsegmentation to divide a network into even smaller authorized areas that IoT devices can and can't access. Microsegments reduce the number of possible endpoints that hackers can break into and how far their attack can spread.
3. Protect the lonely device
Organizations often place IoT devices in high-risk areas, such as unattended rooms on corporate campuses or in factories. As much as possible, IT admins should keep vulnerable devices under lock and key in secure cases.
4. Change default passwords on devices
Even though changing default passwords is a basic protective measure against hackers, nearly half of IT departments don't change the password initially assigned to an IoT device, according to network security vendor Forescout Technologies. Hackers guess a weak initial password, such as "admin," and infiltrate the network.
The Mirai botnet attack is one of the most infamous hacks to use weak default passwords to access IoT devices, but it is far from the only one. IT admins must change vendor-assigned passwords to protect against these attacks.
5. Encrypt data
One of the best ways to stop malevolent snoops on a network is to encrypt the data traversing between the IoT device and the corporate system. According to a 2020 IoT threat report from Palo Alto Networks, 98% of IoT traffic is unencrypted. Organizations must look for IoT devices that use trusted encryption algorithms to protect data.
6. Apply the latest manufacturer updates for devices
IT admins must keep up with vendor updates for IoT devices operating in the field. Over-the-air updates may be the most efficient way to update IoT device code in the field; however, this method may not be possible with units such as implanted monitors and connected medical devices. IT admins must discover and monitor the IoT devices arriving on a network and encrypt communications between any IoT units and the wider system.
7. Shut down unused IoT devices
Shutting down unused IoT devices can reduce possible attack vectors. IT admins might find the discovery of devices that operate without human interaction the hardest part of the task. They must disable all unused detectors, sensors and IoT devices when they are not in operation.
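The device list from step 1 can drive the checks in steps 2 and 7. The following Python sketch is an added example, not part of the original article: it reconciles an inventory against devices observed on the network and reports unknown devices, devices outside their assigned segment, and idle devices. The CSV layout, MAC addresses, model names, subnets and the 30-day idle threshold are all constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed inventory: one row per approved device and the segment it belongs in.
INVENTORY_CSV = """mac,model,firmware,segment
aa:bb:cc:00:00:01,cam-x100,2.4.1,10.20.1.0/24
aa:bb:cc:00:00:02,thermo-t7,1.0.9,10.20.2.0/24
aa:bb:cc:00:00:03,badge-r2,3.2.0,10.20.3.0/24
"""

# Constructed observations (for example, exported from DHCP leases or a NAC tool).
OBSERVED_CSV = """mac,ip,last_seen
aa:bb:cc:00:00:01,10.20.1.15,2021-03-30
aa:bb:cc:00:00:02,10.20.1.77,2021-03-29
aa:bb:cc:00:00:03,10.20.3.8,2021-01-04
de:ad:be:ef:00:09,10.20.2.40,2021-03-30
"""

def load(text):
    """Parse CSV text into a dict keyed by lower-cased MAC address."""
    return {row["mac"].strip().lower(): row for row in csv.DictReader(io.StringIO(text))}

def audit(inventory, observed, today, idle_days=30):
    """Compare observed devices with the inventory and return three findings lists."""
    findings = {"unknown": [], "wrong_segment": [], "idle": []}
    for mac, seen in sorted(observed.items()):
        device = inventory.get(mac)
        if device is None:
            findings["unknown"].append(mac)  # on the network but never inventoried
            continue
        if ipaddress.ip_address(seen["ip"]) not in ipaddress.ip_network(device["segment"]):
            findings["wrong_segment"].append(mac)  # outside its assigned segment
        if (today - date.fromisoformat(seen["last_seen"])).days > idle_days:
            findings["idle"].append(mac)  # candidate for shutdown
    # Inventoried devices never observed at all are also idle candidates.
    findings["idle"] += sorted(set(inventory) - set(observed))
    return findings

if __name__ == "__main__":
    result = audit(load(INVENTORY_CSV), load(OBSERVED_CSV), date(2021, 3, 31))
    for kind, macs in result.items():
        print(kind, macs)
```

Each finding maps to an action from the list above: inventory or remove unknown devices, move misplaced devices back into their microsegment, and disable idle ones.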