Many CISOs, CIOs, and CEOs are worried about the risk to their organization from distributed IoT devices. These devices are rapidly growing in number, often operate autonomously 24/7, do not have corporate IT involvement, and according to multiple studies are the most successful method that cyber criminals use to hack an organization. In creating the Viakoo Action Platform to ensure that every enterprise IoT device is visible, operational, and secured we crafted a solution that addresses the key reasons why hackers target distributed IoT.
IoT devices are different from IT devices
A major reason why distributed IoT systems can be a higher cyber risk than IT systems is that they are often unique and purpose-built, and therefore the solutions used for IT don’t cover or “speak the language” of the IoT device. IoT devices often use specialized messaging protocols and interfaces, which can lead to vulnerabilities specific to those devices. Once an IoT exploit is known to hackers it can take longer to defend against that a traditional IT cyber threat. That’s why hackers increasingly target distributed IoT systems; they are simply more likely to not have cyber security built-in, nor are there effective IoT cyber hygiene solutions that your IT department are already using.
Distributed IoT devices are different from consumer IoT
Distributed IoT devices inside an enterprise are much more attractive targets for hackers than consumer IoT. Consumer IoT devices are few per person and deployed individually or in very small systems. In contrast, distributed enterprise IoT devices are numerous and deployed in very large scale systems. Many of them are intelligent devices, and except for being purpose-built devices or appliances, could rightfully be called “servers”, because they contain processors, memory, storage and networking, along with web interfaces for human configuration and application programming interfaces (APIs) for streaming (serving) data out to one or more systems and applications. Distributed IoT devices are key components of a larger system managed by software applications. Effective cyber hygiene solutions for distributed IoT must address not only the devices themselves but also the applications and systems they are part of.
Keeping track of distributed IoT devices is difficult
IoT devices are deployed and supported by many parts of an organization, including Operational Technology, Facilities, Physical Security, and Manufacturing. Your IT team often has never touched them nor know they exist. To enforce cyber hygiene protocols there must also be detailed information about the device such as make and model, firmware version, certificate status, and more. Gathering these details manually involves opening multiple consoles to gather the information, than manually correlating that information can take a very long time. Identifying and keeping track of IoT devices and their details automatically is a cornerstone of being able to protect and harden them from cyber attacks.
Alerting and Tracking IoT Security Issues
When a potential cyber breach or vulnerability is found there must be efficient and timely notification given, otherwise the potential damage from a cyber breach can quickly escalate. For example, a certificate going out-of-date on IT systems like a server or website triggers notifications; many of have been prevented from going to a website because our browser detects the out-of-date certificate and warns us not to go there. The same is not true for distributed IoT devices, which is why CISOs looking to reduce IoT cyber risks must also consider how detected vulnerabilities are shared with the team. Alerts and notifications must be automated, shareable, and trackable in the same way that tickets are used by IT to reduce the time to address the cyber vulnerability.
IoT devices don’t tell you they have been compromised
With traditional IT systems there is now a long history of how cyber threats can be detected and remediated; the opposite is true for distributed IoT. In many cases hackers will use malware specially designed for specific IoT device makes, models, and embedded OS and code libraries, so the malware can perform its intended task without compromising the functionality of the device, until the hacker decides to do take the device over or cripple it. This growing threat vector spans across many forms of cyberattack, including crypto-jacking, ramsomware, and denial of service attacks.
Distributed IoT Devices Can Rapidly Spread Cyberattacks
Because distributed IoT devices are used in coordination with other IoT devices there are readily available communication paths between them optimized for quickly spreading cyber vulnerabilities. The nature of these attack surface vulnerabilities involves class breaks, where the compromise of a single device enables access to an entire group of devices. This also allows simultaneous access to a large set of devices all at once, usually because there is no warning or alert about the initial compromise, but also because there is not enough time after the first compromise for the rest of the devices to have their passwords or firmware changed manually.
Managing IoT Devices at Scale
Cyber hygiene of IoT devices is different than IT cyber hygiene because of scale. While there may be tens or hundreds of corporate servers that need to be secured, that same organization is likely to have thousands or tens of thousands of IoT devices. Adding to this challenge is the rate of growth of distributed IoT devices; in many organizations it is growing exponentially. With IoT devices there is also a higher likelihood for them to be geographically dispersed, also compounding the time and difficulty for maintaining them. When a cyber threat targets a distributed IoT device organizations must be prepared to act globally across their operations to contain that threat.