Manage IoT device security risks

Steve Hanna, Distinguished Engineer, Infineon Technologies

Today, it’s more important than ever for CIOs to manage Internet of Things (IoT) security. Recent attacks on IoT systems have spread from retail to critical infrastructure to typical IT environments.

Countries and regions around the world are creating IoT security guidelines and regulations to prevent IoT attacks. For example, in 2018, the UK Department for Digital, Culture, Media & Sport published its Code of Practice for Consumer IoT Security (“CoP”). Other countries and regions, such as the United States and the EU, are following with regulations of their own.

What is the impact of IoT on security in my organization?

Most companies are unaware of the connected IoT devices within the enterprise, but they do have vulnerability priorities. Items with the most critical content and network connectivity, such as PCs, get the highest attention and security protection. Likewise, smartphones, wireless tablets, and cellular networks also get enough attention. However, at some point the list stops, and certain items receive no attention to their security issues. Something as simple as a smart light bulb, or even a smart fan that an employee connects to their computer, falls below the line. The company does not know that it is connected; all it takes is one person with a Wi-Fi password to connect it. However, the impact on security can be considerable. Without the necessary protection, each connected object becomes an entry point that allows attackers to compromise almost anything within the organization.

How can this security impact be reduced?

The first step is awareness – knowing what is connected. Find out what things are connected to the network. It can be as simple as performing a network scan – an inventory of what’s connected to the network. It must be followed by deciding what to do with existing connected objects and what must happen for future connected objects. For example, a machine tool that connects to the network will not be replaced, but it must be secure. It is used in the business, and as CIO, you must manage its risk.
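The inventory step can be made concrete by reconciling what a scan finds against the asset list the organization already keeps. The sketch below is an added example, not part of the original article; the scan records, the inventory, and all function names are constructed for illustration.

```python
import re

# Constructed sample: one "ip mac hostname" record per discovered device,
# e.g. exported from a DHCP lease table or a network scan.
SCAN = """\
10.0.4.12 00:1A:2B:3C:4D:5E eng-laptop-07
10.0.4.31 00-1a-2b-aa-bb-cc cnc-mill-02
10.0.4.77 a4:cf:12:9e:01:f3 smart-bulb
10.0.4.90 DA:A1:19:00:42:10 -
"""

# Constructed asset inventory keyed by normalized MAC: the devices the
# organization already knows about and who is responsible for them.
INVENTORY = {
    "001a2b3c4d5e": {"asset": "engineering laptop", "owner": "IT"},
    "001a2baabbcc": {"asset": "machine tool", "owner": "plant operations"},
}

def normalize_mac(mac):
    """Lower-case hex without separators, so 00-1A.. and 00:1a.. compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac):
    """True when the locally administered bit is set (often a randomized MAC)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def reconcile(scan_text, inventory):
    """Split discovered devices into known assets and unknown ones."""
    known, unknown = [], []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ip, mac, host = line.split()
        key = normalize_mac(mac)
        record = {"ip": ip, "mac": key, "host": host}
        if key in inventory:
            known.append({**record, **inventory[key]})
        else:
            # A randomized MAC cannot be tracked by address across sessions.
            record["randomized_mac"] = is_locally_administered(key)
            unknown.append(record)
    return known, unknown

if __name__ == "__main__":
    for device in reconcile(SCAN, INVENTORY)[1]:
        print("not in inventory:", device)
```

Devices in the unknown list are the ones that fall "below the line": each needs a decision about ownership, protection, or removal, while known assets such as the machine tool stay in place with their risk managed.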
