On their own, gadgets aren’t particularly tempting targets when it comes to IoT security. In large numbers, however, as Mirai malware demonstrated in 2016, infected, conscripted, and centrally-controlled gizmos can flood a target’s servers with malicious junk traffic. In this case, the botnet disrupted service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK.
Enterprises are adopting IoT applications, but the speed of advancing technology—file-based as well as file-less techniques such as in-memory attacks and PowerShell scripts—makes 78% of IT decision-makers think it’s somewhat likely that their organizations will experience data loss or theft enabled by IoT devices within the next two years.
According to Gartner 2017 estimates, 8.4 billion active connected devices are currently in existence. So, what can an enterprise do to neutralize IoT security risks?
A horizontal platform is highly effective for IoT security
A horizontal platform makes it easy for manufacturers to distribute security updates quickly, and is more likely to secure sensitive data from its point of origin to its destination. It requires consistent, open standards rather than proprietary approaches.
In the move toward fully connected environments, enterprise architects will be working with system integrators that can make common off-the-shelf components fit with both their current IT infrastructure and their evolving enterprise IT environments. A horizontal platform breaks the silos of the M2M world, facilitating new application development and security reusing the platform features.
Common infrastructures let users (application developers, device manufacturers, and service providers) share platform functions and data, and the connected environments are developed quickly and more cost-efficiently, says Nokia’s Marc Jadoul, Market Development Director for IoT. To onboard devices securely, Nokia’s IMPACT platform collects and analyzes the data gathered, which is then exposed through an API (application program interface) layer that allows for adding flexible devices and use cases without programmatic change.
To counter emerging and advanced threats such as data breaches, ransomware, and exploit kits, the most reliable endpoint security solutions use a mix of machine learning, exploit prevention, threat intelligence, behavioral analytics, multi-layered protection, endpoint detection/response, and integration with other security tools. For example, the Nokia platform for IoT device management implements the latest Lightweight M2M security model, backed by NetGuard (Nokia’s security portfolio) to monitor IoT devices, detect malware, identify anomalies/draw correlations between events in various parts of the network, and set security parameters to minimize the chance of successful attacks.
Technology-enhanced security risks to IoT devices are out there, but so are solutions. For enterprises, endpoint security isn’t a matter of specific products, but rather a deliberate deployment of existing capabilities and policies, while keeping an eye out for future developments.