The next frontier in cybersecurity

It seems like yesterday when everyone was scrambling for Wi-Fi routers to create their own private networks. But, the proliferation of phones and tablets has changed everything. We started to use public networks, and we got used to expecting constant connectivity. At home, at work and anywhere in between, we expect our devices to be available at any time through any network. With businesses of all sizes generating more data than ever before (2.5 quintillion bytes every day), it’s no surprise that the Internet of Things (IoT) is under the spotlight.

The new era of connected devices

We’re connecting everything: vehicles, factories, home appliances and surveillance systems, along with all of the requisite sensors and controls that yield significant and undeniable benefits. Hospitals are using IoT to accelerate disease diagnosis by continuously monitoring patient activity, financial institutions are using it for better authentication and ironically “higher safety”, and automotive companies are using it to track telematics. But these new devices also come new challenges in the war against cybercrime.

IoT, a blessing in disguise

The Internet of Things promises to give us more convenience and ease of use, but the increase in connected devices also means increased and more complex attack surfaces that are a lot harder to control and threaten our security and privacy. Every connected device poses a risk. In north America, attackers used a connected fish-tank thermometer to get a foothold in the network of casino.

Monitoring IoT cybersecurity risk is no longer enough. These devices are often shipped with default passwords that are never changed by the user, which leaves them open to be accessed by anyone with malicious intent. An attacker can gain access through the open ports and monitor the traffic that passes through the devices. If they see something of interest, they can then compromise that device or pivot into another part of your network just like in the case of the casino until reaching more critical assets.

Best practices to mitigate IoT risks

To successfully secure IoT devices, there are several best practices you should be looking at:

• IoT policies need to be set and acted on. It should start with changing the default passwords and  keeping them up to date with the latest patches and firmware updates.
• Continuously monitor connected device networks to identify sudden changes in activity levels.
• Keep all connected devices on a separate network through network segmentation 
• Use two-factor authentication (2FA) where and when possible

Gearing up for the shifting battlefield

In the face of rising network complexity and risk, the first thing corporations need, is to put in place is a policy around IoT usage and adoption. The next and often most challenging step is regaining control of the attack surface; visualise and understand what devices are exposed and how they could lead to critical assets within a network. It is what the team at Oxyde Technologies has heavily devoted itself to. By leveraging the power of AI, Oxyde’s flagship product ‘Zion’ enables organisations to regain full control of their attack surface through discovering and eliminating critical security risks before they can be exploited by a malicious actor. It maps out every device in a network, identifies vulnerabilities and validates them through exploitation so that they can be prioritised based on:

• Intrinsic vulnerability characteristics (Impact and exploitability)
• Context of the vulnerability (Distribution spread effectiveness, exposure, threat metadata)
• The criticality of the asset and it’s exposure (Nature of the asset and its links to other critical assets)
  
  

This risk assessment framework allows Oxyde Technologies to provide risk based remediation to drive better ERM decisions while assuring continuous security validation of IoT devices.

Stay ahead of hackers by taking the leap towards a more proactive and results driven cybersecurity assessments and start validating your security now.

Andrew Law 
COO of Oxyde Technologies.