The Hidden Threat and Risk of IoT (Internet Of Things )
The Internet of Things (IoT) is one of the fastest-growing industries today, with the number of devices connected to the Internet rising by as much as one-third year-on-year. These are often simpler devices that can measure room temperature, count food supplies in the refrigerator, or measure water consumption. Not to mention that there are technologies that monitor your heart rate. What good would such data be to attackers? How many times is it not just about the essence of the data, it is all about who is holding it and to whom it might escape. For example, if an energy company missed its customers’ water consumption data, it would damage the company’s reputation and invest a lot of resources to improve its reputation.
IoT is everywhere!
IoT devices can be used in so many sectors of society, for example, in the military industry or even at airports. In such cases, you can guard the no-fly zone above the airport, where you will combine data from radar, radio, and camera technologies. They will trace unwanted drones and try to eliminate them. The IoT phenomenon is simply everywhere and we must not underestimate it. IoT may be a good servant but in the wrong hands can be a bad lord. In any case, it is always a matter of protecting our data, the greatest risk is their leakage into the wrong hands.
Many times, many institutions and companies have no idea what devices are in their internal network. The biggest risk is the fact that no one has control over these devices. They live their own lives, they are often not even updated by the manufacturer and user, they are run on old non-patch firmware and nobody watches over them. They are therefore an easy target for attackers and pose real threats to the operation and reputation of the company. I would like to divide these risks into three categories:
- Misuse of IoT to direct harm to the user (individual, business, state, or public organization)
2. Misuse of IoT as an access point through which other valuable assets can be accessed
3. Misuse of IoT as a computing and communication source for other purposes (to attack someone else, or for example to extract cryptocurrency, etc.).
Let’s protect the perimeter
And that’s why you need to face it, protect the network perimeter and the good name of your employer. If you are responsible for such things, try looking around the office, peeking at your colleagues, and look for any device that has Internet access and potential access to internal, often secret, information. You will find that there are many of them and that there will be even more, more than those laptops, computers, and servers.
Therefore, we must actively defend ourselves, such as segmenting the network, creating single centralized access for IoT devices to the Internet, identifying the devices themselves, setting limits on where they can and where they are on the network, checking them based on events and newly discovered threats. Nowadays, it is difficult to find resources for expensive training for IT staff and add another bite of work. It is easier and more efficient, and more reliable, to find a solution that automates these processes for us. In case of exceptional events, it informs us about this and does not require continuous supervision.
What is Fortinet?
FortiNAC is from Fortinet, the world leader in IT security, offers such solutions. Since 2000, it has been continuously working on its own technologies to integrate with third-party devices and ensure the security of not only data centers, but also ordinary organizations. Thanks to FortiGuard’s own research team, they are able to respond in real-time to modern threats, provide immediate support, and protect not only data and finances but above all the user’s reputation.
FortiNAC provides protection not only for IoT devices, it provides an overview and visibility of the network with automated action. Detects every device on the network and can limit IoT devices to the minimum required network access.
The strengths of FortiNAC should serve as the foundation of any IoT security. I am thinking, for example, of the following functions:
Network scanning, device classification, without the need for an agent;
Creating inventory and smart groups of all devices;
Event reporting to SIEM (Security Information and Event Management) with a detailed description to simplify investigation;
Assess the risks of each facility;
Automate the integration process;
Enforce dynamic network access control and automate segmentation;
Many detailed reports and analyzes.
As mentioned before, IoT devices are a good servant, but they can also be a bad master. We must not allow them to go through such a change of state and automatically force them to fulfill their primary purpose, to protect them and especially themselves.