The Internet of Things (IoT) is everywhere — literally. Growing at a seemingly immeasurable rate among businesses and consumers, these smart devices are super cool now, but what does the future hold in terms of IT and security? I’m not convinced it’s going to be all that rosy when everything is said and done.

Security and the Internet of Things

I’ve always said that if a computer system has an IP address or a URL, then it’s fair game for attack. And while there is a lot of talk around the security of IoT systems, there’s not a ton of incentive for many manufacturers to actually lock things down. Even in cases where built-in security does exist, that doesn’t mean it’s going to mesh well with your enterprise information security program.

Odds are good that IoT systems are not going to be patchable in the same ways as traditional network systems. Ditto for hardening, monitoring, alerting and the myriad other security steps that need to be taken on devices connected to your network. I believe that most organizations are going to end up with a mishmash of disparate devices that enterprise security controls don’t play nicely with, if at all.

This is different than typical workstations, servers and network infrastructure systems in use today. For the most part, those tools are purpose-built, easily managed and eventually replaced with systems that work better. I believe we’re going to see IoT systems hanging around the business network for a much longer period. For these smaller, niche systems, the system life cycle is just not the same.

Whether IoT systems are present in the enterprise, in the home or somewhere in between, they are no doubt going to have an impact on information security in business. Traditional security controls may not work for IoT systems, and they could be creating business risks if left in place. What happens when they’re exploited? Who’s going to be responsible for keeping them in check? If this does indeed become a reality for your organization, what are you going to do?

Making Moves

You can’t afford to wait to act until you end up with countless devices on your network, furthering the complexity of your environment and leading to a “too little, too late” situation. You have to start thinking about how IoT systems are going to be managed or otherwise controlled over the long term. They’re going to show up, and they’re going to create security challenges. Even if it’s sight unseen today, now’s the time to start addressing IoT security. Written policies, technical safeguards for detecting and securing IoT systems and user awareness are three great places to start.

More from Endpoint

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…