Internet-enabled devices are emerging more and more in business and personal environments. Often going unnoticed, they simply appear within network infrastructures, using wired or wireless connections and expanding the enterprise attack surface.

In fact, enterprises nowadays likely have more internet of things (IoT) devices on their networks than traditional endpoints — according to Armis, by the year 2021, over 90 percent of enterprise devices will not be manageable by traditional IT security tools. IBM predicted that we would surpass 25 billion connected devices in 2020, a number that is likely to continue increasing in the future. Across all industries, the IoT is becoming a major security topic.

Threats to IoT devices are hard to detect: Cyberthreats are often the result of IT constraints, such as digitization, as-a-service models or predictive maintenance. The technology is designed to connect easily and to communicate and transmit data, but security is often left behind. Manufacturers implement their IoT solutions in multiple ways, and devices are typically difficult to update and “un-agentable.” Ask yourself how many of these kinds of devices are operating in your offices, included with the facilities you’re using or surrounding you while traveling or working from home?

All of this leads to an unknown attack surface and highlights the need for holistic IoT threat management solutions.

The Risk of Unmanaged IoT Devices

To get a sense of the risk associated with IoT devices, check out this 2018 quote from the FBI’s Internet Crime Complaint Center (IC3): “Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.” Screen the internet and you’ll find comparable statements from multiple sources that emphasize a change in mindset.

From a threat management perspective, there is no logic in securing and monitoring IT equipment while ignoring the IoT devices active in the same environment. Organizations must consider IoT devices as well.

Gain Visibility to Enhance IoT Threat Management

An effective threat management program needs to discover, identify and analyze all types of unmanaged and managed IoT devices linked to enterprise architecture, adjusting the past threat landscape to today’s reality. The first step is to passively detect unknown device types, gathering product information such as type, model, manufacturer, installed operating system and applications.

Second, learn about device connections, normal behaviors and associated risks. Keep in mind that there are different types of IoT infrastructures, from dumb sensors to highly sophisticated solutions. Be prepared to uncover an undiscovered universe along with many unknown vulnerabilities. Here, a risk scorecard can help prioritize any follow-up activities.

Another challenge arises with IoT solution complexity; a detected IoT device may only be the tip of the iceberg. What about manufacturers’ IoT platforms or the intended life cycle of solutions operating in our environments? Have they been designed and implemented securely, and are they operated in a secure manner? Or, think of vulnerabilities discovered during security operations: Can the IoT infrastructure be updated, is there an update available or do we need to continue operating a vulnerable IoT solution just because it hasn’t been depreciated yet? More and more, whether or not IoT solutions and services are certified to be secure by design will no doubt become important purchasing criteria.

IBM Security recently introduced a managed security service that covers IoT threat management. Based on the world’s largest device recognition database, the artificial intelligence (AI)-supported service is able to detect and monitor devices and identify real-time behavioral anomalies.

Learn more about IBM X-Force Threat Management

More from CISO

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read