As big data, cloud computing, and mobility continue to entrench themselves into the way companies work, a new trend is set to blend all of these together: Internet of Things (IoT).
IoT gives companies the opportunity to track and market to individuals like never before, accessing data about what their prospects are doing at any given moment. Most commonly known for powering wearable devices such as FitBit health monitors and the Apple Watch, IoT is in a rapid growth phase. Recent research predicts the number of wearable devices will increase 35 percent over the next four years to 411 million devices worldwide. Smart sensors are also quickly proliferating the business landscape, set to grow from 5 billion in use today to 21 billion by 2020.
While IoT holds great promise for businesses, it opens up a new world of attack vectors hackers can exploit to gain critical access to your company’s sensitive customer data and other proprietary information.
Here's your six-step cybersecurity plan to stay ahead of hackers exploiting the Internet of (Unsecure) Things:
- Complete an inventory of your company’s assets. Include all of your physical and virtualized systems; applications and services; owners and business cases; users and roles; and expected activity patterns. You can’t secure what you don’t know exists.
- Segment systems based on the level of risk to your organization. Take into account your specific business needs as well as industry and country specific regulatory requirements, but as a general rule of thumb make sure IT systems managed by your company are separate from IoT systems. Other best practices include isolating employee-owned devices used for Bring Your Own Device (BYOD) purposes as well as wearables on a demilitarized zone. Separate network segments with enterprise-grade firewalls, strong authentication, and context-based access control policies.
- Monitor your network and fortify it with intrusion prevention. Generally, endpoint protection is the “last mile” for traditional IT networks. IoT isn’t your grandmother’s IT network – it requires a new method of protection.
- Collect all events from IoT devices with a log management system. Much like Step One, if you don’t understand your company’s normal flow and transmission of data, you will miss when a hacker attempts to steal your data. You must log all events in order to prepare for incident response and forensics.
- Update your security policies. IoT isn’t going anywhere anytime soon: Make sure your security policies, processes, procedures, and contracts address all aspects of IoT. An example is only allowing wearables that don’t have Wi-Fi capability, preventing them from connecting with corporate-owned mobile devices or computers.
- Start a reconnaissance mission by testing IoT devices yourself. It’s hard to know the different issues that could come up unless you know how different devices work and test them for vulnerabilities. Set up IoT devices and sensors, poke around at their configurations, and try to hack them.
Chances are your company is already using some form of IoT device or sensor – do you know the risks it presents to your cybersecurity strategy?
We can help. Request a proof of concept today to learn how US Cyber Vault partners with you to monitor, protect, and secure your data in the cloud, your on-premises hardware, company and BYOD devices, custom applications, and everywhere in between.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.