Overcoming the IoT’s Security Challenges

Featured article by Tom Kelly, CEO, AccelOps

Governments, utilities and businesses from every sector are embracing the possibilities of the Internet of Things (IoT). This interconnected environment promises safer public parks, more efficient factories, better healthcare – imagination seems to be the only limit when it comes to applying the IoT to today’s needs.

However, for the positive action of all these improvements to work and life, there is at least an equal negative reaction. Gartner analysts recently revealed that by 2020, firms will have increased annual security budgets by 20 percent (up from less than one percent in 2015) in order to address security compromises in the IoT. Even more disturbing is that Gartner expects that a black market exceeding $5 billion will exist to sell fake sensor and video data for enabling criminal activity by 2020.

The speed at which connected devices are entering organizations is dizzying. From security cameras to smart TVs, wearables to point-of-sale systems and copy machines to the employee refrigerator are coming into the corporate environment today, creating pin holes across the enterprise security landscape. It is clear that the malicious intent of hackers has not only increased, but it has become more creative. The reality is that the IoT is changing everything, especially cyber security, and without the proper tools, it is nearly impossible to know what is connecting to your network.

IoT’s Cost-Benefit Analysis

The way that cybercriminals operate is shifting in response to the advancement of the IoT. What used to be an individual hacker or two looking to make a buck or wreak havoc on a particular network has turned into a more distributed and better-organized crime fabric.

Though smart devices have many benefits, greater efficiency among them, they may soon create more of a negative impact than a positive one. By using connected devices that are agentless, malicious actors are able to gain access to corporate networks and may not be discovered until after an attack.

It’s not just IoT devices; now IoT vendors join the already-complex world of corporate suppliers. CISOs now must extend their security monitoring policies and procedures to incorporate every supplier and vendor in the supply chain, no matter how benign their products might seem to network security.

This is not just worst-case-scenario thinking; it’s happened. Recently, a major carrier suffered a breach when hackers posted 300,000 customer records online. Imagine the look on the CEO’s face when he learned that the data was stolen from a third-party marketing firm involved in the carrier’s supply chain. Smart CISOs and CIOs must look to implement vendor risk management processes as part of their own operational security reviews before they find themselves facing an angry board of directors who are looking for answers as to how the latest breach occurred.

Five IoT Security Recommendations

With such a massive proliferation of endpoints, security, availability and compliance have become inextricably intertwined. More importantly, if you can’t see it, you can’t protect it, so before proceeding, be sure you know what is connecting to your network. Here are five recommendations to manage the corporate IoT environment.

1. Get more accurate correlation. Use real-time network topology monitoring and best practices to improve correlation accuracy. Best-of-breed solutions incorporate rich analytics collection and cross-correlation along with third party big data analytics tools to help network and security operations personnel apply methods that are faster and more accurate. If you can’t measure it, you can’t fix it.

2. Step up your cross-correlation. It’s no longer good enough to simply monitor your network. Correlate across security, availability and performance for events, logs and configuration files. Today’s security challenges require that network operations and security operations work together to ingest all meaningful data for analysis. Gone are the days of keeping technology domains in silos. By pulling together all available network data, it is possible to turn data collection into a weapon against hackers and create actionable information that provides a mechanism for improved root cause analysis.

3. Facilitate network forensics. Look for solutions that help ingest more than just an event, but also correlate performance, log and security data. Map user identities, locations and behaviors to facilitate network forensics. Additionally, by looking at user IDs, locations and behavior patterns, you can determine if the user connecting to the network through proper login and password entries is authorized or is a malicious actor with stolen credentials.

4. Keep compliance audits in mind. Ask vendors if their solutions report across common compliance frameworks such as PCI, ITIL, COBIT, SOX, HIPAA etc. No matter your industry, establish a compliance posture for formalized management and gain a deep understanding of how compliance failures may affect your organization. Look beyond the revenue impacts and potential for fines to things like impact on brand, reputation, trust with customers, supplier relationships and employee productivity.

5. Speak “business” to describe security health. Does upper management understand what has happened after a breach? With accountability moving down the chain of command, it is more important than ever to use the language of the business stakeholder. Communicate issues so that business people understand how IT affects the health of the business.

Managing the New Threat Landscape

The Pandora’s Box of IoT has been opened, and there’s no closing it now. IoT devices will come from both known and unknown sources. These devices provide the promise of many new and useful tools in the ability to perform business better and to predict unforeseen risks. Where you have identified the needs for IoT devices in your organization, insure you fully understand the risk benefit analysis, before deploying them. Methodologies such as Synthetic Transaction Monitoring can help you safely identify what the baseline behavior, or “normal” functionality, is as well as expected behaviors for how it should interact with other devices, and applications in the network.

It is important to insure these devices—like any vulnerable and protected resource—are kept behind trusted firewalls and, as with any device in your network, constantly monitor them for changes against normal. Other best-practice methods include establishing a “multi-tenant” reporting environment consolidating and isolating IoT devices into a unique and highly granulated reporting domain.

IT security teams will serve their organizations well by finding solutions that put an end to data silos and use real-time, cross-correlated analytics for a big-picture view of the network. Tools of this caliber assist in faster identification of threats, leading to faster responses and a reduced chance of data breaches. That’s an improvement everyone can get behind.

About the author:

Tom Kelly is a technology industry veteran, having led companies through founding, growth, IPO and strategic acquisition. He has served as a CEO, COO or CFO at Cadence Design Systems, Frame Technology, Cirrus Logic, Epicor Software and Blaze Software. Tom led successful turnarounds at Bluestar Solutions, MonteVista Software and Moxie Software, having served as CEO in repositioning and rebranding the companies in advance of their new growth. He serves on the Boards of Directors of FEI, Fabrinet, and ReadyPulse. Tom is a graduate of Santa Clara University where he is member of the University’s Board of Regents.