IoT device security: 5 tips for enterprises

2020-02-13 18:58

"Because it's all embedded devices, it's up to the manufacturer to go ahead and distribute patches or firmware updates in order to secure the device. That's a problem because these are inherently security flawed devices," said Jonathan Langer, CEO of IoT security company Medigate.

"The first basic thing I'd do as an enterprise is get visibility. I need to understand what IoT devices are connected to my network. IoT devices are perceived as something the IT department is in charge of, but employees can bring in connected refrigerators or security cameras and plug it into the network," Langer said, adding that those kinds of devices "Introduce risk into the network."

"Attackers are using IoT for lateral movement. They go through these devices in a network and try to reach an entry point or a segment of the network with valuable information. That east-west lateral movement is the most difficult. Cyberattackers are taking advantage of the vulnerable nature of the IoT devices to pivot or propagate within the network."

"Attackers are using IoT for lateral movement. They go through these devices in a network and try to reach an entry point or a segment of the network with valuable information. That east-west lateral movement is the most difficult. Cyberattackers are taking advantage of the vulnerable nature of the IoT devices to pivot or propagate within the network," Langer said.

"Even if I sell you the most secure IoT device in the world and I've done all my penetration testing, one day later some hacker will find a new vulnerability that exposes that device, and the only way to remediate that vulnerability will be through a security patch. Companies have to have a process in place to remediate it remotely."

News URL

https://www.techrepublic.com/article/iot-device-security-5-tips-for-enterprises/#ftag=RSS56d97e7

#IOT #security