Rick Weaver has been working in the IT world for 20+ years and has been focused on IT Security for the past 15 years. Rick has held multiple roles within Check Point in the Sales and Professional Services Teams.
In this interview, Rick Weaver discusses how businesses can assess and handle their IoT risks and shares the “secret ingredient” for IoT success. This interview provides you with premium cyber security insights that you won’t want to miss.
What does the recent “explosion” in IoT device adoption mean for businesses and for CISOs?
The recent “explosion” of IoT should not be a surprise to anyone in IT or IT Security, as IoT devices have been on networks for 20+ years. Just looking at the breadth of devices and applications, we now have to address IT security for the following platforms:
- IoT: Internet of Things
- OT: Operational Technology
- SCADA: Supervisory Control and Data Acquisition
- IoMT: Medical IoT
- BMS: Building Management Systems
- “Smart” Cities/Counties/Buildings/etc.
The end result for all these types of devices on traditional networks is that there is a major increase in traffic and risk profiles that are above and beyond what most leaders are aware of today.
How can businesses assess their levels of IoT risk?
IT leaders need to take a very comprehensive look at what is “riding on the wire” on their networks. What looks like a benign IP camera to help enforce physical security may lead to very harmful consequences if the camera is compromised. Does anyone know the 5 W’s for all the IoT devices on a network? The Who, What, When, Where and Why for all the traffic and egress points of that traffic. Business leaders need to be aware of the rapid increase in levels of traffic and what that traffic is doing. One must ask: why is that camera contacting sites in other nation states? Is it malware? Is it an update? Is it safe?
To understand the level of risk that is being introduced into corporate networks today, we must capture all IoT traffic and obtain an understanding of the patterns of normal and abnormal behaviors. Once a baseline of “approved” traffic has been established, rules can be written to allow or deny traffic based on needs and threat levels. IoT networks are, in many instances, very suitable for zero trust models. In other words, only allowed and approved traffic has access to the networks and devices on those networks.
How can businesses handle the IoT risk that they may present to the supply chain?
Supply chain traffic, along with normal business traffic, needs to be identified, vetted, and approved prior to when network access is made available. As we have seen a spike in supply chain vulnerabilities and compromises, all updates need to be carefully identified, tested in isolated lab environments, and then installed in a timely manner. One benefit of IoT networks is that we see the updates for firmware and applications are not as frequent as in normal business environments, but that’s not to say there are not any vulnerabilities, which there most definitely are.
How can CISOs respond to the fact that most IoT devices are built with open-source software?
While open-source software is used in many IoT applications, there are ways to easily and affordably secure the traffic to and from these devices. Best practices for IoT devices include zero trust and segmentation to isolate devices from business networks and from one another.
Is there a key ingredient for IoT security success?
The key ingredient for IoT security is visibility. We cannot secure or control traffic that we cannot see or identify. There are many IoT “discovery” partners that can identify thousands of devices. Once the devices are identified, security solutions and their managers can then digest all the device info and build rulesets and threat prevention profiles to allow or deny access. The identification, visibility, and enforcement of IoT traffic is key to reducing the risks associated with IoT.
Ninety percent of consumers lack confidence in IoT security. How can businesses win consumers’ trust?
The technologies that can be used to identify IoT traffic can be done without impacting the functionality of the devices. We can also set up enforcement points as “detect-only”, which allows all traffic to pass. To secure the devices we can then start “locking down” traffic to only approved access and threat levels.
Anything else that you would like to share with the Cyber Talk audience?
There are a number of recommendations that we make to our customers to secure IoT traffic and they include:
- Be aware of all traffic on your networks, who’s talking to who and why.
- Hold manufacturers accountable for providing secure firmware.
- Be able to fully identify all devices and only allow necessary protocols and services on your networks.
- Use zero-trust and segmentation on your networks.