Security firm Kaspersky reveals valuable suggestions for organizations considering new IoT initiatives.
A Kaspersky report titled, “Benefits and challenges of IoT” reveal 28% of organizations with IoT systems faced attacks targeting internet-connected devices in 2019. The first half of 2019 recorded 105 million attacks against IoT devices, found the report. It also highlighted that 36% of companies give third parties access to their IoT systems.
Kaspersky has some observations for enterprises planning for new IoT initiatives.
Focus on assessing the security of the device before implementation
Ensure to opt for IoT devices that have security certificates that verify the level of their level of security. It makes sense to be cautious before installing something that is unrated or vulnerable. Organizations can refer to the Industrial Internet Consortium framework for assessing the security of IoT devices that gives details about how to assess non-certified devices.
Regular security audits and risk assessments are essential
Along with the regular reporting on the state of IT, it is important to check IoT networks that are part of assessments and audits. IT decision-makers should be kept up-to-date on the latest reports and threat intelligence pertaining to IoT networks.
Keep software up to date
One of the most common causes of security vulnerabilities in outdated software, which also applies for IoT devices. As per the report, 86% of organizations had obsolete or vulnerable software. If it is not easy for companies to update IoT devices, they need to be replaced with hardware that makes that process smooth and avoids putting off patches until a more convenient date.
Keep up with vulnerability news
It is crucial to be aware of the newly detected threats, as there is a chance the company’s IoT security could be at stake. Therefore, it is essential to choose the right IoT vendors that prioritize those that enables the update of software based on the root of trust
Network traffic analysis is the key
The report mentions that corporate networks are often used for IoT device communication. An organization’s cybersecurity solution should be designed to analyze network traffic and detect and prevent network attacks covering traffic from IoT devices. Security experts need to integrate the analysis into the enterprise network security system. Ensure the company’s IoT gateway has the ability to secure itself and also to protect connected devices. Make sure the company’s IoT nodes/sensors/devices have onboard security as well.