I was reading my daily updates on cybersecurity and ran across an article submitted by the Microsoft Security Response Center and wanted to share the info with all of the SMBs and home office type people. Have you noticed the convenience of devices that run our daily lives? These are grouped as “Internet of Things” or simply IoT devices. They are VoIP phones, digital thermostats, wireless doorbells and cameras, etc. These devices are designed to easily connect to a network with little or no management required. Anyone who is concerned about data security needs to be alert and begin monitoring these convenience devices. It is estimated that by next year, about 50 BILLION IoT devices will be deployed worldwide. That is a lot of unmonitored devices that can be exploited by cyber-criminals.
If you are a large enterprise, you defend against IoT devices with hardware such as the Securolytics IoT defender. If you are an SMB (Small-Medium Business), you should consider having regular vulnerability scans performed by a cybersecurity company. Grey Wolf Cybersecurity performs these vulnerability scans for as little as $560.
In April, security researchers in the Microsoft Threat Intelligence Center discovered cyber-villains were communicating with a VoIP phone, an office printer, and a video decoder. The investigation uncovered that a cyber-villain had used these devices to gain initial access to corporate networks. In two of the cases, the devices were deployed without changing the default manufacturer’s passwords. Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.
Today we are sharing this information to raise awareness of these risks across the industry and calling for better enterprise integration of IoT devices, particularly the ability to monitor IoT devices. The number of deployed IoT devices outnumbers the population of personal computers and mobile phones, combined. With each networked IoT device having its own separate network stack, it’s quite easy to see the need for better enterprise management, especially in today’s “bring your own device” world.
Recommendations for Securing Enterprise IoT
There are additional steps an organization can take to protect their infrastructure and network. Microsoft recommends the following actions to better secure and manage risk associated with IoT devices:
- Require approval and cataloging of any IoT devices running in your corporate environment.
- Develop a custom security policy for each IoT device.
- Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
- Use a separate network for IoT devices if feasible.
- Conduct routine configuration/patch audits against deployed IoT devices.
- Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
- Include IoT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
- Monitor IoT device activity for abnormal behavior (e.g. a printer browsing SharePoint sites…).
- Audit any identities and credentials that have authorized access to IoT devices, users and processes.
- Centralize asset/configuration/patch management if feasible.
- If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
- Where possible, define SLA Terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.
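The cataloging and monitoring recommendations above, as an added example that is not part of the Microsoft article or this post: a small Python check that compares flow records against an approved-device inventory and flags uncataloged devices, off-policy destinations (the "printer browsing SharePoint" case) and scan-like fan-out. The IoT subnet, addresses, per-device allowlists and scan threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (assumption): approved IoT devices and the only
# (destination, port) pairs each one is expected to contact.
INVENTORY = {
    "10.20.0.11": {"type": "printer", "allowed": {("10.20.0.5", 443)}},
    "10.20.0.12": {"type": "voip-phone", "allowed": {("10.20.0.6", 5060)}},
}
IOT_PREFIX = "10.20.0."   # assumed dedicated IoT network
SCAN_THRESHOLD = 5        # distinct off-policy hosts before we call it a scan

# Constructed flow records: (src_ip, dst_ip, dst_port)
FLOWS = (
    [("10.20.0.12", "10.20.0.6", 5060),    # phone -> SIP server (expected)
     ("10.20.0.11", "10.20.0.5", 443),     # printer -> print server (expected)
     ("10.20.0.11", "10.30.0.80", 443),    # printer -> intranet web server
     ("10.20.0.99", "10.20.0.5", 443)]     # device missing from the catalog
    + [("10.20.0.12", f"10.30.0.{h}", 445) for h in range(1, 9)]  # phone sweep
)

def audit(flows, inventory=INVENTORY):
    """Return sorted (src_ip, finding) pairs for IoT-sourced traffic."""
    findings = set()
    off_policy = defaultdict(set)  # src -> distinct off-policy destination hosts
    for src, dst, port in flows:
        if not src.startswith(IOT_PREFIX):
            continue  # only traffic originating on the IoT network is audited
        device = inventory.get(src)
        if device is None:
            findings.add((src, "unapproved-device"))
        elif (dst, port) not in device["allowed"]:
            findings.add((src, "off-policy-destination"))
            off_policy[src].add(dst)
    for src, hosts in off_policy.items():
        if len(hosts) >= SCAN_THRESHOLD:
            findings.add((src, "possible-internal-scan"))
    return sorted(findings)

if __name__ == "__main__":
    for src, reason in audit(FLOWS):
        kind = INVENTORY.get(src, {}).get("type", "unknown")
        print(f"{src} ({kind}): {reason}")
```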