Internet of Things (IoT) devices are proliferating into unanticipated areas of businesses and personal lives. The explosion of IoT devices follows the familiar pattern of the bring-your-own-device (BYOD) movement, which has infiltrated the same spaces. What differentiates the two categories is the number of items and the cost of individual devices. But while the differences are substantial, IT can learn from its experience securing the BYOD population.

Threats Hidden in Plain Sight

The introduction of BYOD into the enterprise may have been unauthorized, but the products were typically not hidden. The smartphones, smart watches and other intelligent devices were generally used in plain sight. The risks they posed included unauthorized and unsecured access to enterprise systems through personal devices that were being used for work purposes. The fact that enterprise-level products could be put into service without IT oversight or proper security precautions took analysts by surprise. It also generated a rush to create software and services that could be installed on user-owned units and in enterprise infrastructure to reduce the threats they posed.

Similarly, these new smart products carry a variety of robust technical capabilities, such as communication and data transfer. They are also arriving without IT authorization or vetting. This time, however, they are not in plain sight: In many cases, the IoT components are embedded as part of some larger product. Most importantly, like BYOD, IoT devices notoriously lack security.

The Internet of Everything

IoT devices are often small and inexpensive components that add smart capabilities to the products that host them. Consumer products such as thermostats, smart TVs and refrigerators benefit from communications, sensor reading, and video and sound recording. In the enterprise, IoT devices such as copy machines, HVAC systems, VoIP phone systems and intelligent subsystems can be breached in under three minutes, according to a ForeScout report.

Unlike BYOD devices, which are comparatively fewer in number and generally costlier, IoT devices number in the billions and often cost just a few dollars. Manufacturers have little incentive to enable security measures in each device. Even if they did, standards for IoT security implementation have yet to be ratified.

Securing IoT Devices

You should assume that smart products currently exist in your enterprise. Here are the most important steps to take to manage and secure these devices.

  • Identify which devices have communication capabilities. If a device connects to your network and sends alerts, communicates with its manufacturer for warranty updates or provides any other indication that it is using its network connection to reach outside the enterprise, add it to your list of enabled systems.
  • Connect devices to your network only if there is a demonstrable benefit. If a device can function properly without a network connection or if its connection only provides marginal utility, disconnect it and test its functionality. Before reconnecting, ask the manufacturer how the product is intended to communicate and what measures have been taken to secure it.
  • Create a separate network specifically for smart device connections.
  • Disable Universal Plug and Play (UPnP). Do not allow automatic discovery and connection for networked devices. Make certain that any devices that request network access are reviewed for security and connected to the proper network segment.
  • Update firmware where possible. Contact manufacturers for updates to their firmware and ask about procedures they have taken to add security measures to the systems you use.
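
The inventory, segmentation and UPnP steps above can be checked against network flow records. The following is an added example, not part of the original article: the four-field record format, the address ranges and the finding labels are assumptions chosen for illustration, and the flow lines are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (hypothetical): enterprise space and the dedicated IoT segment.
ENTERPRISE = ipaddress.ip_network("10.0.0.0/8")
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
SSDP = ("239.255.255.250", 1900)  # UPnP discovery multicast group and UDP port

# Constructed sample flow records: "src dst proto dport"
SAMPLE_FLOWS = """\
10.1.4.20 203.0.113.10 tcp 443
10.1.4.20 239.255.255.250 udp 1900
10.50.0.7 198.51.100.5 tcp 8883
10.1.9.33 10.1.0.5 tcp 445
10.50.0.7 239.255.255.250 udp 1900
10.1.4.21 10.1.0.53 udp 53
"""

def audit_flows(text):
    """Return {device_ip: sorted list of findings} for devices needing review."""
    findings = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, proto, dport = parts
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in ENTERPRISE:
            continue  # only inventory our own devices
        if proto == "udp" and (dst, int(dport)) == SSDP:
            # Device is announcing or searching via UPnP: candidate for disabling it
            findings[src].add("upnp-discovery")
        elif not dst_ip.is_multicast and dst_ip not in ENTERPRISE:
            # Device reaches outside the enterprise: add it to the inventory
            findings[src].add("external-communication")
            if src_ip not in IOT_SEGMENT:
                # Communicating device that is not on the separate smart-device network
                findings[src].add("outside-iot-segment")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in sorted(audit_flows(SAMPLE_FLOWS).items()):
        print(ip, ", ".join(tags))
```

Feed it flows from the segments where embedded devices are suspected; general-purpose workstations also reach external hosts, so the output is a review list rather than a verdict.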

The population of IoT-enabled systems in the enterprise will continue to grow. IT must act now to establish procedures to evaluate the connections and systems currently in use and add appropriate evaluation criteria to standard purchasing procedures for new additions.
