Internet of Things (IoT)

How to Secure These Insecure Devices

The IoT Challenge


  • Rapid Growth

    IoT devices will soon outnumber non-IoT devices across the Internet. Gartner estimates that 5.8 billion IoT endpoints will be in use by 2020, a 21% increase from 2019.

  • Highly Vulnerable

    Security is often not baked into the design. Basic security features may be missing or disabled by default.

  • Independently Managed

    Each device is usually stand-alone, which means configuration changes and patches must be made at each physical device.

  • Unknown Risks

    IoT risks are often not understood prior to purchase. It is often tempting to buy the latest IoT without thinking about the security impact of these devices.

  • Pervasive

    IoT devices find their way into our networks, whether through authorized purchases or through back channels. Our Penetration Tests usually find IoT devices that are unknown to the company at the time.

  • Lacking Support

    With fast innovation cycles, vendors are trying to quickly get new devices to market, and often do not take the time to address known vulnerabilities in older products.

IoT Resources


Download our in-depth IoT Survival Guide and gain access to the "My Favorite IoT Hacks" webinar (~60-minute duration).


Click the button below to claim these valuable resources.


Access the IoT Survival Guide + Webinar!

What is IoT?



The Internet of Things (IoT) permeates our lives and our networks. When you hear the term IoT, you may think of technology in your “smart home” such as your Nest thermostat, Apple Watch, or home security system.

However, IoT has been around for quite some time in the business space, from SCADA systems in critical infrastructure to legacy medical devices (e.g. patient monitors, infusion pumps) in healthcare to printers. Other IoT includes:

  • VoIP Phones
  • Digital Displays & Televisions
  • Smart Lights
  • Cars
  • Appliances, HVAC
  • Out-of-Band Management Controllers (e.g. HP iLO, DRAC)

Gartner defines IoT as "...the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment."


How Do I Secure IoT?



The IoT Defensive Strategy checklist found in the IoT Survival Guide can be used to analyze your IoT defenses.

  • Identify your security blind spots
  • Ensure critical IoT defenses are in place
  • Gain actionable next steps for maturing your IoT defensive posture

What About NIST CSF?


IDENTIFY your IoT, PROTECT your critical assets from insecure IoT (and your IoT from its threats), DETECT IoT compromise, and be able to RESPOND and RECOVER from an IoT incident.

Learn the key controls to have in place and how they map to the NIST CSF.


Hacks Covered in the "My Favorite IoT Hacks" Webinar

HP Printer

How I leveraged a printer vulnerability to gain domain administrator access.


Veeder Root

An exploit against a fuel tank monitoring system.


Crestron Panel

When these devices begin attacking your network, you know something is up.


Mirai Botnet

How default credentials led to wide-scale DDoS attacks.


Wireless Router

What can happen when a consumer-grade wireless router ends up on your corporate network.


Konica Minolta Printer

How to gain access to hidden Konica Minolta Printer credentials through a rogue LDAP server.


Meteobridge

How home brew devices can put your network at risk.


DRAC and HP iLO

Exploits against common out-of-band management controllers.



Internet of Things (IoT) Survival Guide

Protect Your Critical Assets While Accommodating IoT

This IoT Survival Guide was created for organizations that need to securely incorporate IoT into their environment.

This value-packed IoT Cybersecurity Survival Guide will cover the following topics:


  • A Historical Perspective of IoT

    A look back at a memorable IoT hack from 2009 that threatened many networks.

  • What is IoT?

    Starting with a common definition of IoT is crucial. It is more than just your “smart home.”

  • Why is IoT a Challenge?

    IoT presents a security challenge because of six defining characteristics.

  • Strategies for Assessing Your IoT Risk

    Learn to apply foundational cybersecurity principles to IoT risk.

  • NIST Cybersecurity Framework (CSF) and IoT

    How the NIST Cybersecurity Framework can be used to address IoT risk.

  • IoT Defenses

    The variety of defenses that can be used to mitigate IoT risk.

  • IoT Checklist

    A checklist you can use to analyze your defensive posture with IoT devices.


About the Author:

Geoff Wilson

Geoff Wilson is CEO and Security Pro Coach at Go Security Pro. Geoff helps companies with complex cybersecurity obligations create momentum around a simple, prioritized plan that supports the business goals. Geoff has a Master of Information Security from Carnegie Mellon University and a Computer Science degree from the University of Oklahoma. He taught a graduate-level Information Security course at the University of Oklahoma for four years. Geoff is a published author, has worked with the National Security Agency, has consulted with the Executive Office of the President, and has been in Information Security for 17 years.
