Internet of Things (IoT) devices can be invaluable to companies as they can operate their security camera systems, locks, lighting, heating and cooling systems and more through wireless connectivity. While these devices can make enterprises’ operations more efficient, they can be vulnerable to cyber criminals if they’re not property secured, according to Microsoft.
Hackers often take advantage of improper network configurations like default credentials to access a company’s wireless network or IoT devices. Once they do, hackers can find other assets on that network, locate other weak spots and plan bigger attacks on sensitive equipment and devices.
For example, Microsoft researchers recently investigated a UK-based water utility provider that had exposed IoT devices in its networks. The research team discovered the company was using routers meant for home use, and hackers were abusing a remote code execution vulnerability in the devices. Once the hackers had access to devices, they could run malicious commands on them, move throughout the company’s network and access additional vulnerable devices that weren’t directly connected to the Internet like SCADA systems. The systems enable water plants to monitor levels of specific chemicals and toxins and to collect records of the systems.
The attack did not appear to have included abusing those systems, according to Microsoft, but the potential for these system files to be accessed and released reinforces the need to protect IoT devices and wireless networks.
Recognizing this importance, Microsoft shared four tips enterprises can use to shield their networks and IoT devices from cyber criminals:
Adopt a comprehensive IoT and Operational Technology (OT) security solution
IoT-specific cybersecurity solutions that offer visibility and can monitor all IoT devices, detect threats and mitigate vulnerabilities can protect networks against cyberattacks, according to ZDNET.
Enable vulnerability assessments
It’s critical for companies to spot any unpatched IoT devices in their organizational network and set workflows to initiate an appropriate patching process. Regular, proactive vulnerability assessments are the best way enterprises can locate any holes and address them before hackers find and exploit them.
Reduce the attack surface
The fewer unnecessary Internet connections to IoT devices a company has, the fewer opportunities hackers have to cause any serious harm. Businesses should eliminate any connections to IoT devices that they don’t absolutely need. Additionally, companies should apply network segmentation, ZDNET reports. This makes it possible to move to industrial control systems, or other critical systems, if an IoT device is ever breached.
Increase network security
A wireless network or IoT device can never be too secure. Companies can benefit from adding more security measures to their network, such as multi-factor authentication. This way even if a hacker steals someone’s username and password, they can’t access any systems. Network protection can also keep applications or users from accessing malicious domains and content on the Internet, according to Microsoft.
“Given the severity of these attacks and their potential impact on the utility providers’ operations and even the safety of their customers, it becomes crucial to recognize the importance of proper security practices around IoT and OT unmanaged devices to ensure that such attacks do not happen,” the Microsoft Security Threat Intelligence team said. “Defenses set up for OT networks must be comprehensive, able to prevent unauthorized system access and should include detections for abnormal, unfamiliar, and malicious behaviors after a breach.”