When companies began to embrace the idea and the tech behind the Internet of Things (IoT), one area that stood to benefit the most was, and is, the world of manufacturing. Anyplace that relies on efficient operations to keep things flowing, and does so using a litany of systems, lends itself well to the burgeoning world of IoT. Imagine if all of your numerous systems are becoming much more easy to network and thus control online-it would be a godsend in most cases.
But, what if I told you that all of these newly connected and integrated devices were now putting your company’s network at risk? Sound extreme? Perhaps, but in the world of information security,that’s how we have to move forward. We assume and expect the worst, and plan accordingly.
So what if you just integrated a slew of embedded devices within your warehouse in an effort to make your manufacturing process more automated, controlled and efficient? Do you rip them out?
No, in most cases you would not even dare do that, especially considering just how expensive some of those systems are. So what can you do to ensure that your IoT implementation does not come back to haunt you?
- Change the default information. Simply put, don’t leave default password and login credentials on these devices. You could also, if feeling so inclined, change things like default IP address and ports as well. All defaults are in user manuals, and almost every manual ever made winds up on the Internet. This is an easy hole to fix.
- Segment your network. This one should be an obvious move for a seasoned IT professional, but it is worth repeating. In a corporate LAN it is appropriate to segment a network, and it makes sense to do so here as well. By segmenting your network, you have set up a means to keep some traffic away from other traffic. A perfect example would be if someone were to compromise a portion of your network, or a virus got out, you could have segmented your company network in such a way that only a portion of the actual company assets would be at risk or compromised. This design allows for threat isolation during incident response. While I don’t want to lose any segment to a hacker, losing a small chunk versus the entire network is a trade most would be happy to make.
- Get tested. Simply put, get penetration testing and other vulnerability assessments done, and not just once. There are literally exploits coming out daily, as well as patches for them and other means to exploit systems. By running regularly scheduled scans and testing, you will ensure that your network, including your IoT devices, is as safe as it can be. If you have weak spots, you’d much rather an ethical pen tester discover them and offer methods to remedy them, as opposed to a hacker finding a vulnerability and exploiting it.
The IoT is an exciting area of growth to watch for as organizations upgrade from old gear to new, or by augmenting existing gear with new IoT capable devices. But, with great power comes great responsibilities (hint, we just spelled out three). You’ve been given the great powers of IoT, but you are responsible for locking them down and not creating more security holes than is needed. Ensuring these newer devices are on net and secure is of the utmost importance.