We’re at the end of Cybersecurity Awareness Month, which is a good time to reflect on where your organization needs to improve and extend it’s cybersecurity efforts. If you’re like most organizations the answer is IoT devices and applications; it’s the fastest growing attack surface for most organizations and on track to set a new record for attacks in 2023 (in 2022 there were over 3 billion IoT cyber attacks).
The news has not been good for IoT security over the past year, with high profile devastating attacks including MGM slot machines and payment systems, Cisco routers, and Philips medical devices. Wars in Ukraine and now the Middle East have brought new examples of how IoT devices like IP cameras and building systems are targets for both cybercriminals and combatants. Many organizations, especially consumer-facing ones, are facing board-level edicts to demonstrate they have control over their IoT device and application security before profits and customers disappear. These realities are forcing more organizations to into their technology stack, training process, and managed service options that they have to find, assess, and remediate vulnerabilities in IoT devices that exist in literally all extremes of an enterprise, from sensors on loading docks to cameras hanging outside the building, and to beverage machines inside the cafeteria.
In terms of how to keep building on October’s focus on cybersecurity awareness, here are some steps to take. First, if you don’t already have a regular gathering of people responsible for IoT security now is the time to start. Across facilities, manufacturing, physical security, logistics, and other parts of the enterprise there are several silos that need to be broken, so that best practices can be shared across all teams operating IoT devices and applications.
Another way to build awareness is to revisit the technology stack you’re using and question how it can be improved. For example, many organizations have adopted agentless asset discovery to improve IoT security, and reports from the field are that it takes longer than expected to deploy and even longer to effectively remediate IoT device vulnerabilities. In part this is because asset discovery alone does not provide the context that IoT devices operate in, especially when it comes to the overall application workflow and how all elements need to work together in a tightly coupled fashion. Looking into application-directed discovery and network-based asset discovery can build awareness around the data that is needed and how timely that data is. Best of all, seeing how the two working together can dramatically accelerate the time to remediation and shrinking the attack surface will give success stories that can build more awareness on IoT security.
Finally, look at how automation can drive your IoT security efforts, because unlike traditional IT security there are somewhere between 5x to 20x the number of devices and applications at risk in the IoT space. If you want more details on how automated solutions play a role here, check out our recent webinar titled “Secure Our (IoT) World: Cybersecurity Awareness Month” at: Webinars on Demand – Viakoo, Inc. For even faster action and automation around IoT security, reach out and start a dialogue with managed service providers. The past year has brought many new capabilities on IoT security into the managed services space, and it’s likely your current security service provider or security integrator has new capabilities that can improve security without increasing headcount or incurring delays. As IoT security has grown from a concern to line of business managers to a deeply existential threat the organization as a whole, awareness is happening on its own. Accelerating that awareness will pay off with lower risks, a safer workplace, and even lower costs for cybersecurity insurance. Want to discuss in more depth? Set up time to chat with one of Viakoo’s IoT security experts – we’re just a mouse click away: Request a Viakoo Demo – Viakoo, Inc
*** This is a Security Bloggers Network syndicated blog from Viakoo, Inc authored by John Gallagher. Read the original post at: https://www.viakoo.com/blog/extending-cybersecurity-awareness-to-iot-devices/