As the number of IoT related security incidents escalate, many CISOs are looking for ways to minimize their risks of an IoT related attack. One of the big hurdles they face is merely establishing the type and numbers of devices on their networks. Many enterprises, and perhaps most, have no idea how many gadgets are connecting to and using their networks.
Cisco’s recently released 2018 Annual Cybersecurity Report underscores this issue. According to the study, the vast majority of survey respondents don’t know how many IoT devices are on their corporate networks. This is due, at least in part, to the fact that devices are deployed by multiple divisions and different departments and teams.
Where Are All These IoT Devices Coming From?
Outside of the IT department, those commonly deploying IoT devices include facilities management, physical security teams, and individual employees and contractors. The IT staff isn’t responsible, or even aware of all of the devices that are being installed. TVs, DVRs, security cameras, vending machines, thermostats, and other gadgets are deployed by numerous organizations, and they are rarely managed methodically or coordinated with IT. There’s no patching, updating, or even accurate inventories. Then there’s the personal devices brought in by employees such as smart speakers, employee-owned watches, health devices, and other types of wearables.
According to the CISCO report, the problem is across virtually every vertical.
Getting a Handle on Your Company’s IoT Devices
With IoT growth predicted to more than triple by 2025 to over 75 billion connected things, cybersecurity managers increasingly need to anticipate how to keep their networks secure from IoT vulnerabilities. Getting an accurate picture of the number, location, and types of these devices is a necessary first step.
Some leading organizations are using artificial intelligence (AI) technology to discover IoT devices, and even block distributed denial of service (DDOS) and other threats. AI, or machine learning (ML), is very effective in discovering any device using the network, including those that are newly installed. AI can also effectively detect odd behaviors. That’s very useful because it can detect when a device has been compromised. For example, if a thermostat starts transmitting high volumes of data to an unknown location, a quality AI-based system would see it, raise appropriate alerts, and if desired, automatically block those transmissions.
As the number of IoT devices escalate, so will the number of related cyberthreats. Fortunately, new tools are emerging to help organizations not only detect IoT devices on their networks, but identify when they’ve been compromised.
Learn how UEBA can help your organization https://fortscale.com/