IoT Cybersecurity

IoT devices in the company: security and protection gaps

Deploying IoT devices within the company means going beyond technical needs and paying special attention to the level of protection against attacks that may affect the privacy of data, the company and its customers, or prevent the proper functioning of its business.

Cyberattacks on IoT, a threat to consider

Given the increase in vulnerabilities in this type of device, we must look beyond technical needs and treat as vital the level of protection against attacks that can obtain private data from the company or its customers.

According to one of Trend Micro's latest reports, 63% of companies say that “IoT-related threats have increased in the last year (2018)”.

Many IoT devices do not incorporate security as a basic element in their design, manufacture and life cycle.

IoT devices in the company: yes, but with cybersecurity guarantees

Organizations that connect IoT (Internet of Things) or IIoT (Industrial Internet of Things) devices to their networks must consider how important it is to harden the security of those devices, through:

  • Correct sizing and hardening of the network to which the devices are connected.
  • Analysis and tailored configuration of the devices.
  • Implementation of endpoint control policies or firewalls to monitor the traffic and activity of each device.
  • Design of incident management plans, as well as systems to monitor and control any possible security breach.

Aware of this reality, 40% of companies* consider it necessary to have encryption mechanisms and secure device authentication, as well as more anti-malware tools.
* Thales, Thales Data Threat Report (2019).

CISOs must ensure security in the deployment of IoT devices in the corporate network

The digital transformation of the company, especially in industry, has brought the digitization and automation of production and management processes, leading to the massive deployment of IoT devices.

This reality presents a new challenge to the CISO of any company, who must analyze vulnerabilities and establish appropriate policies to prevent possible attack scenarios. CISOs must protect all their resources, especially when those resources can serve as a gateway for gathering confidential information about the organization itself or its customers.

IoT, IIoT (Industrial Internet of Things) or IoMT (Internet of Medical Things) devices that handle or obtain private data, for example RFID, identification or presence devices, would be affected by the new application of the GDPR (RGPD) regulation and by the processing of personal data that can be carried out through them.

Low-cost devices, or those that do not treat security as part of their design, manufacture and use, are the most vulnerable element today.

Typical scenarios for protecting an IoT network from attacks:

These scenarios put into context the need for tools and methodologies, such as inventory and vulnerability management platforms, that allow us to control all the IoT assets at our disposal.

Many endpoint protection tools facilitate this task, but it is also necessary to exercise exhaustive control over the networks to which the devices are connected and to have a contingency plan for when an exploited vulnerability is detected, since using only VPNs or segmenting the network is not enough.

Basics for a protection scheme:

  • Study of the devices to be implemented

    Devices should be supplied by known vendors and come with some level of support.

  • Installation and Usage Policies

    The installation and configuration of these devices should only be performed by authorized departments, preventing any user from introducing new devices to the network.

  • Device identification

    Identify each and every device on the network.

  • Segmentation

    In order to properly control these assets, they must be configured on their own isolated network.

  • Monitoring

    Traffic monitoring and detection of new, unauthorized devices on the network must be maintained.

  • Protection

    Control of these devices is vital. Many are not security-oriented, and others do not offer updates or are no longer supported, which means clear exposure in the future.

  • Physical security

    This aspect is very important, as devices can be modified or blocked by third parties.
