As enterprises explore ways to integrate IoT-enabled devices into operations, organizations should also evaluate the security vulnerabilities that undoubtedly arise from adding IoT endpoints to the network.

Recent research has revealed IoT devices fall into three security categories:

Disastrous: Usually IoT-enabled security cameras and monitoring systems fall into this category as bad actors can compromise the network to access customer data, allowing break-ins to physical locations, and other crimes but virtual and in real life.

Disruptive: Video conferencing and VOIP conferencing and connected printers and scanners also open the possibility of cyber spying (listening or watching through IoT devices).

Damaging: IoT devices in the office breakroom such as smart fridges and light bulbs could give industrious hackers access to the enterprise’s network. Examples of this phenomena are legion and provide one of the easiest forms of entry because they appear to be innocuous when in fact they expose an organization to enormous risk.

Source: ForeScout

At present, you can say that we have a three-tiered group of IoT devices. Right at the top we have well-protected devices such as smart industrial machinery and laptops.

In the middle, we have moderately complex devices like smart thermostats that are used occasionally. Right at the bottom, we have smart electronic locks, employee badges, and HVAC technologies.

All these IoT devices by themselves don’t present much of a problem, but when you connect all of these disparate technologies to a single network, it will be difficult to ensure IoT security.

This is because we don’t have a one-size-fits-all solution to secure a variety of smart devices with multiple end-points to a single network.

Before anyone even heard of IoT, enterprises were struggling to keep their IT infrastructure secure. Now they’re tasked with securing their IT infrastructure with thousands of smart devices that you don’t always see.

If that wasn’t difficult enough, IT leaders also have to develop a robust strategy to leverage these devices to collect critical that can be useful in helping the organization streamline operations.



The Real Threat of an IoT Security Breach

Since the emergence of smart devices, hackers have been working to compromise them. You don’t have to look far to find examples of enterprises that experienced major network breaches due to IoT endpoint device vulnerabilities.  The Mirai botnet attack remains as the worst example to date but Brickerbot and the Chrysler Jeep attacks also rank highly.

While all these vulnerabilities pose an immediate risk to privacy, some of these exposed devices can also allow access to internal networks. As IoT can act as a potential gateway that leads right into enterprise networks, it can have serious consequences.

Vendors of IoT devices know security is a problem, but many of them pay more attention to shoring up security in certain devices and not others. That puts the responsibility to ensure all endpoint devices are secure in the hands of the enterprise’s IT leadership.

The question leaders in enterprise technology must ask, “Are IoT-enabled devices delivering enough value to the enterprise to justify the time, energy, and resources necessary to secure them and protect the company’s network?” This will remain a key question for CIOs because security vulnerabilities are often baked into IoT endpoints.

The good news is technology does exist to provide an orderly, focused, and iron-clad barrier around IoT-enabled endpoints to give enterprises the freedom to introduce them to the network at will.



SDN for Network Protection Ensures Adaptability, Programmability, and Visibility

While software-defined networking (SDN) can’t secure the IoT devices themselves, it can help control the network and leverage segmentation to mitigate a potential network intrusion. This means that by taking a cloud-based approach, enterprises can use SDN to optimize, route, and automate IoT security.

When smart devices and sensors are added to the network, it will make a note of each device that’s added to the network.

This approach will allow for the network to react differently to each endpoint depending on the nature of the device, the potential risk of a malicious attack, and the resources required to secure the device.

  • provision or de-provision the network to actively monitor and divert suspicious activity until it’s cleared for access. Network admins can program rules to make this happen automatically, making for fast, worry-free additions of endpoints to the network.
  • build multiple firewalls at various network distances to effectively respond to IoT breaches. This is a much better approach to security than building a single firewall at the edge of the network.
  • virtualize network components and services to apply access rules, reroute traffic, and program automatic adaptive responses to IoT devices. This means that you can segregate the network path where a potential intrusion has been detected and then investigate it from a central point.

By using SDN for network protection, you can significantly reduce the amount of time and resources needed to investigate each potential security issue. In the long run, this will save your company a lot of money.

SDN is also a highly affordable solution that can be adapted to meet the future technology needs of the business while remaining key to shoring up exposed networks.

To learn more about security threats in 2018, reach out to Acadia Technology Group. We can be your partner in creating in positioning your firm for success and enhanced network protection with Cisco’s industry-leading iteration of SDN called SD-Access.

Threat Matrix 2018