8/26/2019
IoT security: 5 common enterprise networking mistakes
Max Burkhalter
Internet of things technologies have made their way into nearly every commercial, industrial and public sector application imaginable. The fast pace of IoT innovation, however, has left many IT administrators unprepared for the associated security risks, resulting in a number of high-profile breaches that have reshaped the future of smart device deployment.
For one, the lack of standardized cybersecurity practices in the IoT industry has introduced a number of vulnerabilities that have been difficult to mitigate. Take, for example, the recent resurgence of Bashlite malware. According to a report from Trend Micro, this particular strain of malware was most prevalent in 2014, but has since been modified for use in large-scale distributed-denial-of-service attacks. By adding consumer and enterprise devices into a massive botnet, cybercriminals are able to disrupt their targets' internal operations and bring customer-facing resources completely offline.
Currently, these types of security incidents illustrate the limitations of IoT technology as a whole, yet few companies plan to slow down their implementation goals. Market research from Zebra Technologies found that nearly half of enterprises across the world are "aggressively pursuing IoT investments with the goal of digitally transforming their business models." But to stay ahead of mounting cybersecurity concerns, business and IT leaders must recognize the common pitfalls of deploying and managing IoT devices.
Top 5 IoT networking mistakes
According to a 2018 report from Symantec, IoT devices experienced a 600% increase in cyberattacks compared to the previous year. While hardware and software flaws have certainly contributed to the growing number of enterprise security incidents, the impact of human error should not be neglected. In a recent Network World article, Robert Burnett, director of B2B products and solutions at the IT supplier Brother International, shared the top 5 networking mistakes that leave companies open to malicious activity:
1. Lack of access controls: Limiting users' access to IoT devices is crucially important to the overall security of enterprise networks, yet many IT administrations have struggled to put robust authentication systems in place. Companies that do not have complete control over who can access their smart devices, and for what purposes, are often more exposed to internal and external security threats.
2. Failing to update device firmware: When it comes to insulating corporate networks from malware, ransomware and other digital threats, proactive patch management is essential. Cybercriminals are constantly on the lookout for unpatched devices to infiltrate, as a single vulnerable endpoint can grant them access to key administrative processes. Considering most IoT devices are littered with zero-day exploits, it's no surprise that companies have struggled to stay on top of their update requirements.
3. Poor endpoint visibility: Without a unified cybersecurity platform in place, network administrators must rely on a range of siloed IT solutions to secure their business-critical assets. This can prevent enterprises from keeping a close watch on how their IoT devices are used and may impact their ability to respond to security breaches. Environments that rely on a variety of different IoT technologies are at the greatest risk, as older devices rarely have the real-time monitoring capabilities that companies rely on.
4. Inadequate end-user awareness: As mentioned previously, human error can introduce a variety of security flaws into an enterprise's overall IT posture. Phishing scams, in particular, have proven quite effective for stealing users' login credentials and gaining access to sensitive information. Companies that do not train their employees on cybersecurity best practices open themselves up to a range of financial, reputational and compliance issues.
5. Using default credentials: Managing usernames and passwords has always been a bit of a pain point for large companies, but the widespread integration of IoT technologies has only compounded the issue. Nearly all IoT devices come with default login credentials that should be updated pre-deployment, yet many IT professionals overlook this crucial step in the process, according to Sophos. What's worse, most IoT device credentials are available online and can be easily located through the Shodan search engine.
Keeping up with modern cyberthreats can feel like an impossible task, as new strains of malware, social engineering tactics and cryptomining software are released on an almost weekly basis. Luckily, Perle offers powerful connectivity tools that can help organizations maximize their IoT security and storage applications and maintain performance during new deployments. Read some of our customer stories to find out how we've empowered other forward-thinking companies to take full advantage of their IoT systems.