Internet of Things (IoT)

How to Secure These Insecure Devices

The IoT Challenge


  • Rapid Growth

    IoT devices will soon outnumber non-IoT devices across the Internet. Gartner estimates that 5.8 billion IoT endpoints will be in use by 2020, a 21% increase from 2019.

  • Highly Vulnerable

    Security is often not baked into the design. Basic security features may be missing or disabled by default.

  • Independently Managed

    Each device is usually stand-alone, which means configuration changes and patches must be made at each physical device.

  • Unknown Risks

    IoT risks are often not understood prior to purchase. It is often tempting to buy the latest IoT without thinking about the security impact of these devices.

  • Pervasive

    IoT devices find their way into our networks, whether through authorized purchases or through back channels. Our penetration tests usually find IoT devices that are unknown to the company at the time.

  • Lacking Support

    With fast innovation cycles, vendors are trying to quickly get new devices to market, and often do not take the time to address known vulnerabilities in older products.

IoT Resources


Download our in-depth IoT Survival Guide plus gain access to "My Favorite IoT Hacks" webinar (~60-minute duration).


What is IoT?



The Internet of Things (IoT) permeates our lives and our networks. When you hear the term IoT, you may think of technology in your “smart home” such as your Nest thermostat, Apple Watch, or home security system.

However, IoT has been around for quite some time in the business space, from SCADA systems in critical infrastructure, to legacy medical devices (e.g., patient monitors, infusion pumps) in healthcare, to printers. Other IoT includes:

  • VoIP Phones
  • Digital Displays & Televisions
  • Smart Lights
  • Cars
  • Appliances, HVAC
  • Out-of-Band Management Controllers (e.g. HP iLO, DRAC)

Gartner defines IoT as "...the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment."


How Do I Secure IoT?


The IoT Defensive Strategy checklist found in the IoT Survival Guide can be used to analyze your IoT defenses.

  • Identify your security blind spots
  • Ensure critical IoT defenses are in place
  • Gain actionable next steps for maturing your IoT defensive posture

What About NIST CSF?


IDENTIFY your IoT, PROTECT your critical assets from insecure IoT (and your IoT from its threats), DETECT IoT compromise, and be able to RESPOND and RECOVER from an IoT incident.

Learn the key controls to have in place and how they map to the NIST CSF.


Hacks Covered in the "My Favorite IoT Hacks" Webinar

HP Printer

How I leveraged a printer vulnerability to gain domain administrator access.


Veeder Root

An exploit against a fuel tank monitoring system.


Crestron Panel

When these devices begin attacking your network, you know something is up.


Mirai Botnet

How default credentials led to wide-scale DDoS attacks.


Wireless Router

What can happen when a consumer-grade wireless router ends up on your corporate network.


Konica Minolta Printer

How to gain access to hidden Konica Minolta Printer credentials through a rogue LDAP server.


Meteobridge

How homebrew devices can put your network at risk.


DRAC and HP iLO

Exploits against common out-of-band management controllers.



Internet of Things (IoT) Survival Guide

Protect Your Critical Assets While Accommodating IoT

This IoT Survival Guide was created for organizations that need to securely incorporate IoT into their environment.

This value-packed IoT Cybersecurity Survival Guide will cover the following topics:


  • A Historical Perspective of IoT

    A look back at a memorable IoT hack from 2009 that threatened many networks.

  • What is IoT?

    Starting with a common definition of IoT is crucial. It is more than just your “smart home.”

  • Why Is IoT a Challenge?

    IoT presents a security challenge because of six defining characteristics.

  • Strategies for Assessing Your IoT Risk

    Learn to apply foundational cybersecurity principles to IoT risk.

  • NIST Cybersecurity Framework (CSF) and IoT

    How the NIST Cybersecurity Framework can be used to address IoT risk.

  • IoT Defenses

    The variety of defenses that can be used to mitigate IoT risk.

  • IoT Checklist

    A checklist you can use to analyze your defensive posture with IoT devices.


About the Author:

Geoff Wilson

Geoff Wilson is an innovative cybersecurity thought leader with deep experience in defensive cybersecurity strategies. Having studied at Carnegie Mellon University and trained at the National Security Agency, Geoff brings 17 years of cybersecurity experience to your organization. In his many cybersecurity roles, Geoff has been an IT Auditor, Penetration Tester, Risk Assessor, Forensic Analyst, SOC Engineer, Information Security Officer, Software Developer, Author, University Professor, and Consultant. Geoff is a business leader, having founded Go Security Pro in early 2019 with his co-founder Susan Wilson. Geoff regularly speaks at conferences, presents to executive leadership and boards, and can get in the technical weeds with IT professionals. Geoff treats every engagement as a knowledge transfer opportunity and every client with the utmost care. He is ready to assist you with your cybersecurity challenges.
