IoT Security: Post Pandemic Best Practices
By Heleena Thivya
While Covid-19 has resulted in a drop in demand for most industries, it happens to raise demand in the cybersecurity industry. As on May 21, 2020, one of the leading cybersecurity vendors, Palo Alto Networks, proposed Q4 2020 revenue guidance & CEO Nikesh Arora states: “Covid-19 accelerated the [security] trends in the direction of integration, consolidation, and cloud transformation.”
The Reality Grounds
While Covid-19 has resulted in a drop in demand for most industries, it happens to raise demand in the cybersecurity industry. As on May 21, 2020, one of the leading cybersecurity vendors, Palo Alto Networks, proposed Q4 2020 revenue guidance & CEO Nikesh Arora states: “Covid-19 accelerated the [security] trends in the direction of integration, consolidation, and cloud transformation.” According to an April 2020 report from IoT Analytics, the IoT Security Market has faced an increase of cyberattacks in the early months of the COVID-19 crisis and has raised the importance of IoT security in light of the growing demand. Generally, securing an Internet of Things (IoT) infrastructure requires a precise security-in-depth strategy to secure cloud data, protect data integrity, data devices, and more.
It’s important to ensure IoT security as IoT is a connected network of devices or appliances that comprise software that enables them to connect to the Internet. This means that not just computers and smartphones that get to expose your personal data to hackers but any device or system that interacts online has the potential to reveal personal information to cybercriminals. The leaked information opens up wider opportunities for hackers to disable safety features and many more. Thus, it’s imperative to take up best practices for IoT security.
Revisit & Make A Proper Assent Inventory Management
One immediate priority after an organization resumes work during the pandemic is to review corporate security strategies and ensure a decent overview of the inventory of assets and IoT devices. It’s recommended to build a broad review of asset inventory with a much deeper knowledge of individual assets.
A proper asset inventory management includes the following:
Asset Tracking– The first essential thing is to build a detailed list of all the assets including the hardware and software specifications. Traffic Pattern Analysis – Make a broad analysis of the typical traffic network between devices so as to observe the abnormalities and get to know the potential attacks. Also, the analysis allows for running software tools for automated threat detection/response. Updated Assets – Update the assets and keep track of all the updates and patches as it eases the lifecycle management for the enterprise. Response On Attack– Assets on facing attack either cyber or physical should be able to make a rapid response. The quicker it locates and fixes an asset, the lesser would be the costs for the organization.
Scan & Scale Down Shadow IoT Devices and Increase Cyber Security
Another security issue that the Covid-19 crisis has given rise to is shadow IoT devices or when employees who have been working at home bring unauthorized IoT devices to the enterprise. In such cases of bringing unauthorized devices arises a significant source of vulnerability at every level of the organization. This is because these devices increase the attack surface by giving access to an enterprise network while having little security measures. In Feb 2020, a leading cloud security provider, ZScaler, announced that their track result showed a 1500 percent increase in IoT devices usage increase at enterprises. Their observation of unauthorized IoT devices included digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smartwatches, and even automotive multimedia systems. And each of these assets can be used as a point of exposure to get access to an enterprise network. Hence, IT and security professionals at enterprises should pay more attention to this phenomenon and double down on educating employees about security hygiene practices.
Cloud & Security Applications Management
Certain companies who receive their tools and applications from an “on-premise” setup to the cloud before the Corona pandemic managed them with ease. Accounting to this many technology executives and experts consider that cloud adoption might be on a massive rate post lockdown. Cloud security will then play a major role as security tools hold many benefits with other cloud-hosted applications such as to scale new assets quickly, remotely apply software patches, and easily integrate with other tools through standardized APIs. Meanwhile, cloud connections can also encounter an increase in the risk of exposure or data breaches. Now is the time for IT, Security, and Operations departments to make a thorough risk assessment to decide on which apps to be on cloud and on-premise.
Security Automation with AI & Software Tools
The rapid development of AI and Machine Learning capabilities have made AI-based security tools to deliver better and often faster outcomes. Professionals and Security departments should consider moving from strict security prevention to a detection strategy. Moreover machine learning-enabled exception detection for threat detection. Applications can be programmed to automatically trigger a reaction to specific abnormalities – this feature is helpful when a rapid response is needed. The traditional Security Information & Event Management (SIEM) solutions are also witnessing AI-enhancement by models that provide streaming data analysis and threat modeling.
Coronavirus has influenced a hike in cyberattacks that have lead to a surge in IT, OT, and IoT security adoption. Organizations should improve and review their cybersecurity setup to include best practices such as regulate asset register, scan for IoT devices, cloud security review and integrate security automation and AI.