Do IoT devices really pose a security risk, or is it merely paranoia?
Market data firm Statista projects that by 2025, there will be 75 billion IoT devices in use. Smart devices are now found throughout most commercial offices, yet a lack of security could make them ticking time bombs. IoT devices often come with security shortcomings, and it can be difficult to detect when someone has exploited one of their vulnerabilities.
Why are IoT devices dangerous? It's not a single issue; rather, it's intrinsic to the way that the technology itself works.
IoT devices have been added to modern offices to improve both productivity and convenience. They include security sensors, equipment trackers, inventory management devices, and multimedia systems for the purposes of communication and conferencing. Yet with as many advantages as IoT devices have, they also have risks:
- IoT devices add numerous endpoints to a network. These endpoints are constantly growing and need to be individually managed.
- IoT devices often don't have any internal security. There are many IoT devices that don't come with onboard security at all, or come with very limited security, and must be properly configured to take advantage of these tools.
- Many owners never get around to changing security settings or admin credentials, leaving the device easy to compromise using default settings.
- IoT devices do not provide comprehensive reporting. Even if IoT solutions have some form of security, they usually don't provide an alerting or reporting system.
IoT devices create a perfect storm: they're plentiful, unsecured, and connected directly to a company's network. In a single office building, manufacturing site, school campus, or warehouse, there could be hundreds of IoT devices reporting information to a central location, and only a single one of them would need to be compromised to put the rest of the network at risk.
The Gap Between IoT Insecurity and Network Security
IoT devices tend to have inherently poor security, but that doesn't mean that they need to inherently pose a risk to a network. For them to become a data loss risk, an attacker needs to expand beyond the initial compromise of an IoT device and access and manipulate data across the network.
To defend a network, a security system must:
- Identify anomalous network traffic that could indicate malicious lateral movement. The hard part is that not all anomalies are malicious, resulting in numerous false positives.
- Notice when user accounts are acting in atypical ways, such as users signing in from different locations, copying or accessing large volumes of files, or attempting to alter their own permissions.
- React to the hallmarks of a data intrusion, such as large numbers of files being copied and sent off the network, or staged on a host in advance of exfiltration, or large numbers of files being encrypted.
Machine Learning for IoT Security Solutions
How can an organization counter a risk as potentially pervasive and voluminous as poor IoT security? The answer is machine learning.
To effectively secure today’s networks, organizations must turn to technology. There simply aren’t enough people available to do this manually, and it would be cost prohibitive. Security solutions that incorporate machine learning (ML) can improve detection of advanced threats with limited staffing.
ML for cybersecurity has some advantages particular to dealing with the IoT. ML technology can detect patterns in network data, and is able to learn what "normal" looks like. It's able to learn how a network usually looks and functions, thereby identifying anomalies that may be risk factors, such as increases in data movement or unusual external connections and traffic patterns. And when armed with behavioral analysis in additional to network traffic analysis, it can discern between malicious anomalies and benign ones, avoiding time-consuming false positives. ML also is designed to scale as network traffic grows exponentially with the addition of new IoT devices.
The Internet of Things is here to stay, and there is a definite increase in risk as a result. Security teams who want to be in control of their organizations’ security and ready for anything would be well advised to consider ML-based network tools to detect and contain attacks that originate with IoT devices.
Brian Laing is SVP of Corporate Development and Strategic Alliances at Lastline. For more than 20 years, he has shared his strategic business vision and technical leadership with a range of start-ups and established companies in various executive level roles. The author of "APT for Dummies," Brian was previously vice president of AhnLab, where he directed the US operations of the internationally known security and software leader.