An IoT hack can have very serious consequences. A recent example is Russia's PIR Bank, which lost $1,000,000 after hackers gained entry to its local network via a compromised router.
As the Internet of Things grows, so will the number of malicious hacking incidents. According to Gartner, the IoT will reach 20.4 billion devices by 2020. Neither home nor enterprise networks can be protected by legacy security measures.
Networks in Danger
Many IoT devices are connected to the internet yet left without proper supervision, maintenance, or support. These include routers and a variety of other simple devices.
Such devices are very attractive to hackers, and that is why they pose a risk to the networks they belong to. They can become initial entry points into networks, whether those belong to consumer homes or large corporations.
A recent incident illustrates this weakness well. The hacker group MoneyTaker stole roughly $1,000,000 from Russia's PIR Bank. A company of that size probably spends millions on security each year, and yet it lacked the control and capabilities to protect the vulnerable entry point within its network.
The key for hackers is to get into the network. Once inside, the intruders can move laterally without any malicious software or advanced malware: to achieve their goals and gather as much information as they can, they use pre-existing tools and non-malicious scripts.
Often the attackers aim to steal money, exfiltrate data, or damage a brand by encrypting all of the intellectual property and business-critical data. Unfortunately, pricey endpoint solutions and antivirus agents may do little or nothing to detect these attack patterns.
Protecting the Weak Link
Generic networking equipment and IoT devices are the weak link in any network. Layered security is still crucial, but it is essential to be aware of this weakness.
These devices often do not receive continuous firmware and software updates, have short support lifetimes, and are not powerful enough to host an antivirus or other security agent. Additionally, they are routinely left without proper supervision.
The threats are evolving rapidly, and ensuring sufficient security means keeping up with these changes. To do that successfully, traditional security solutions must be left behind. Companies should switch to a next-generation approach and focus on artificial-intelligence-powered security controls.
AI-driven solutions can precisely map a network and identify all the devices. That even includes the ones that are left alone on the edge of a network. Companies using such approaches are able to spot anomalies in real time, identify atypical network traffic patterns, as well as proactively track and flag outdated devices.
In order to avoid irreversible damage, it is crucial to use next-gen solutions to protect networks. They can provide end-to-end visibility and control of any assets, as well as identify potential vulnerabilities so as to make the network challenging to penetrate.
Best Business Practices for Security
A solid foundation can help build a strong and resourceful cybersecurity culture at any company. Many organizations face significant network expansions and run a mix of technologies that are not easy to protect. However, there are a few things the Security Operations team should do first, which can be defined as baseline cybersecurity hygiene practices:
- Define the exact boundaries of the interconnected enterprise network. The most important thing is for each NOC and SOC to know the precise boundaries of the enterprise network within which all duties are performed. That should cover wireless and remote connections, as well as branches and access points in remote locations. It must also include any cloud computing resources and S3 buckets that can potentially be accessed externally.
- Enable precise, real-time asset management. This is another perpetual task for each SOC and NOC team: they need to know every device that is connected to the company's network. Installed-and-forgotten devices can become easy entry points for criminals, causing a lot of damage to a company, its assets, and its brand. The Russian PIR Bank example shows the exact consequences of neglecting this.
- Ensure configuration and software update management for all devices. Establishing a clear process is important: all technology teams must always know each device's configuration, which allows them to introduce a streamlined, automated patch management strategy and protection for legacy licensed software components.
- Introduce an Identity and Access Management (IAM) program. To protect the network, a company must know who is accessing the infrastructure and when, including the exact privileges that users or employees have on these devices.
- Implement User Behavior Analytics (UBA) solutions. Such solutions help the SOC and Security teams see what employees do while accessing enterprise resources, and allow them to define normal and potentially suspicious behaviors. Because hackers try to act like regular users to avoid raising suspicion, knowing how real regular users act is a must. Behavioral-pattern-building solutions can help detect outsiders in a company's network.
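As an added example (not code from the original article), the following Python script reconciles a constructed asset inventory against constructed DHCP-lease-style observations and flags the gaps the practices above describe: live devices missing from the inventory, devices with no assigned owner, and devices whose firmware has not been patched within a set window. All device names, MAC addresses and dates are invented for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

@dataclass
class Device:
    hostname: str
    owner: Optional[str]          # None = nobody is responsible for it
    last_patched: Optional[date]  # None = never updated since install

# Constructed inventory keyed by MAC (hypothetical devices, not a real network).
INVENTORY: Dict[str, Device] = {
    "aa:bb:cc:00:00:01": Device("core-router-1", "netops", date(2018, 6, 1)),
    "aa:bb:cc:00:00:02": Device("branch-router-7", None, date(2016, 3, 15)),
    "aa:bb:cc:00:00:03": Device("lobby-camera", "facilities", None),
}

# Constructed DHCP-lease-style observations, one per line: "<mac> <ip> <hostname>".
LEASES = """\
aa:bb:cc:00:00:01 10.0.0.1 core-router-1
aa:bb:cc:00:00:02 10.0.7.1 branch-router-7
aa:bb:cc:00:00:03 10.0.2.40 lobby-camera
aa:bb:cc:00:00:99 10.0.5.23 tplink-wr841
"""
AUDIT_DATE = date(2018, 8, 1)  # constructed "today" for the patch-age check

def parse_leases(text: str) -> List[Tuple[str, str, str]]:
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:  # tolerate leases without a hostname
            rows.append((parts[0].lower(), parts[1], parts[2] if len(parts) > 2 else ""))
    return rows

def audit(inventory, leases, today, max_patch_age_days=90):
    # Returns (finding, mac, detail) tuples for each hygiene gap found.
    findings, seen = [], set()
    for mac, ip, host in leases:
        seen.add(mac)
        if mac not in inventory:  # installed-and-forgotten or rogue device
            findings.append(("UNKNOWN_DEVICE", mac, f"{ip} {host}"))
    for mac, dev in inventory.items():
        if mac not in seen:
            continue  # only report devices actually live on the network
        if dev.owner is None:
            findings.append(("NO_OWNER", mac, dev.hostname))
        age = None if dev.last_patched is None else (today - dev.last_patched).days
        if age is None or age > max_patch_age_days:
            findings.append(("STALE_FIRMWARE", mac, f"{dev.hostname} last patched {dev.last_patched}"))
    return findings
```

Feeding it real DHCP leases or ARP tables and a maintained inventory turns the "know every device" practice into a repeatable check rather than a one-off survey.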
Many routers are not designed with security in mind, so companies should not rely completely on their default firmware. Security teams should configure these devices correctly with additional security settings (user management software, internal/external access controls). Once that is covered, the router becomes much more reliable in terms of its security.
Of course, making an entire network difficult to penetrate requires many other measures. The practices described above, however, are the foundation. A comprehensive and sustainable security strategy is not easy to build, but following basic cybersecurity hygiene tips can help eliminate the human factor and prevent initial hacking attempts.