What is IoT Security

March 18, 2021


IoT security is a subset of cybersecurity that focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT), the network of connected devices that gather, store and share data via the internet.

Often overlooked or minimized within the cybersecurity strategy, IoT security has become a more pressing concern for organizations given the recent shift to remote work due to COVID-19. With people now relying on both their home network and personal devices to conduct business activities, many digital adversaries are taking advantage of lax security measures at the endpoint level to carry out attacks. Insufficient IoT protocols, policies and procedures can pose a grave risk for organizations since any device can serve as a gateway to the wider network.


What is IoT?

Put simply, an IoT device is any “thing” that can be connected to the internet. This includes traditional endpoints, such as computers, laptops, mobile phones, tablets and servers, as well as non-traditional items, such as printers, cameras, appliances, smart watches, health trackers, navigation systems, smart locks or smart thermostats. IoT is the collective term for the network of connected devices that are equipped with sensors, software or other technologies that allow them to gather and transmit data through the internet.

Over the past decade, IoT technology has experienced phenomenal growth. IoT Analytics, an insights firm specializing in IoT research, reported that IoT connections, such as smart home devices, connected cars and networked industrial equipment, exceeded traditional connected devices, such as computers and laptops, for the first time in 2020, representing 54% of the 21.7 billion active connected devices. The firm estimates that by 2025, there will be more than 30 billion IoT connections, which equates to about four IoT devices per person on average.

Examples of IoT Devices

At the enterprise level, IoT devices also include industrial machinery, automation tools, the smart grid or any other device that gathers and transmits data through the internet.

IoT Security Issues

IoT security is extremely important because any smart device can serve as an entry point for cybercriminals to access the network. Once adversaries gain access through a device, they can then move laterally throughout the organization, accessing high-value assets or conducting malicious activity, such as stealing data, IP or sensitive information. In some attacks, such as a Denial of Service (DoS) attack, cybercriminals will assume control of the device and use it to overwhelm servers with web traffic, preventing legitimate users from conducting normal activity.


Traditionally, organizations and consumers protected their devices through a range of security measures, such as antivirus software and firewalls. However, these measures may not be suitable for protecting IoT devices, since many cannot support the processing and storage requirements of such tools. As such, it is necessary for organizations to develop a comprehensive cybersecurity strategy that protects against a wide range of cyberattacks across all devices at both the endpoint and network level.

IoT Security Risks

Unfortunately, many IoT devices are not designed with security in mind. In many cases, these devices lack the processing power and storage capabilities to support the installation of additional security on the device itself, which means that companies and users cannot protect the endpoint beyond the existing security features. Instead, organizations must rely on network security capabilities to prevent attacks, as well as detect and remediate threats as they arise.

Even those devices that support the installation of additional security measures may not be compatible with the company’s existing cybersecurity tool set. Disparate operating systems and a variety of hardware almost guarantee that the organization will not be able to protect all connected devices using the same tools, policies and procedures.

Further, IoT devices, like traditional endpoints, require patching and OS updates. The sheer number of connected devices makes it difficult for organizations to manage this activity, especially if the devices are owned by employees.

Finally, connected devices may not require strong password practices — a point that is compounded by the fact that many people underestimate the risk posed by non-traditional connected devices.

IoT Security Best Practices

IoT security is part of the organization’s overall cybersecurity strategy.

For private users, it is important to treat connected devices with the same level of security as they would a traditional endpoint, such as a computer or smartphone. To that end, we recommend:

  • Staying up to date with all patching and OS updates required by the connected device.
  • Using strong password practices for all connected devices.
  • Enabling multi-factor authentication whenever possible.
  • Routinely taking inventory of your connected devices and disabling any items that are not used regularly.

At the enterprise level, IoT best practices also include:

  • Developing and implementing an IoT device policy that outlines how employees can register and use a personal device, as well as how the organization will monitor, inspect and manage those devices to maintain the organization’s digital security.
  • Compiling and maintaining a master list of all IoT devices — both those owned by the organization and those owned by employees — to better understand the attack surface and the security measures needed to maintain a safe environment.
  • Considering the implementation of a cloud access security broker (CASB) to serve as a security checkpoint between cloud network users and cloud-based applications, managing and enforcing all data security policies and practices, including authentication, authorization, alerts and encryption.
  • Monitoring all network devices and taking immediate action if and when any devices show signs of compromise.
  • Encrypting all data transmitted to and from connected devices, converting it from its original format to an alternative one.

IoT Security Tools

Since there is no single security tool that can provide uniform and complete protection across all connected devices, IoT security requires a blend of elements from both the endpoint security strategy and cloud security strategy.

The following capabilities can help ensure the security of all connected devices and are considered a necessity for all modern organizations:

1. Prevention: Next-generation antivirus (NGAV)

Next-generation antivirus (NGAV) uses advanced technologies, such as AI and machine learning, to identify new and emerging threats by examining more elements, such as file hashes, URLs and IP addresses.

2. Detection: Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) is a solution that provides continuous and comprehensive visibility into what is happening on endpoints in real time. Businesses should look for solutions that offer advanced threat detection and investigation and response capabilities, including incident data search and investigation, alert triage, suspicious activity validation, threat hunting and malicious activity detection and containment.

3. Managed Threat Hunting

Managed threat hunting is conducted by elite teams that learn from incidents that have already occurred, aggregate crowdsourced data and provide guidance on how best to respond when malicious activity is detected.

4. Threat Intelligence Integration

To stay ahead of attackers, businesses need to understand threats as they evolve. Sophisticated adversaries and advanced persistent threats (APTs) can move quickly and stealthily, and security teams need up-to-date and accurate intelligence to ensure defenses are automatically and precisely tuned.

Expert Tip

By leveraging Dragos ICS/OT threat analytics against your endpoint data collected in your CrowdStrike Falcon instances, you get an understanding of which adversaries are operating in the IT network and an early warning about potential threats against your production systems.