Extreme Networks outlines how to overcome 4 Common IoT Security Vulnerabilities

27/05/2021

By Julian Critchlow, General Manager, Extreme Networks, Australia and New Zealand

When it comes to IoT, it’s easy to get lost in the big picture.

Global research firm, Statista, projects IoT spending will surpass $1 trillion by 2023. But before you get lost in the cloud of opportunity, it’s critical to stay grounded. The average cost of a data breach in 2020 was $3.86 million globally. That figure increased 9.8 per cent year-on-year in Australia, priced at $3.35 million, a sobering fact to consider. Add to this, malicious attack breaches were more financially heavy, costing organisations across the globe on average $3.74 million instead of system glitches, at $2.90 million, and human error, at $2.82 million.

Here are four common IoT security threats and how your organisation can avoid them.

  1. Weak passwords are the dead horse we continue to kick but warn as we may, this is a significant issue. There are two sides to this coin: choosing predictable passwords and not changing a device’s default password. The onus falls on IT admins to ensure a brute force attack isn’t all it takes to penetrate your network. Complex passwords that are changed with regular frequency can go a long way in protecting organisational interests.
  2. Inadequate privacy protection is unacceptable. The most valuable commodity in business today is data. The hundreds or thousands of devices comprising your IoT deployment collect and store sensitive information. Recent research noted that 91.5% of enterprise IoT communications are in plaintext, which means a savvy hacker could do as he or she sees fit with the “score.” To the 8.5% leveraging SSL: well done.
  3. Security updates are critical. What is your update process? Encryption is necessary, as organisations must be able to send real-time updates to endpoints. Suppose there is no firmware validation, security monitoring or patch delivery. In that case, devices are left with code vulnerabilities and running outdated software. Audit your update process. The time now will save you money later.
  4. Shadow IoT is a growing threat to enterprise IoT. Healthcare is arguably the most impacted arena. ZK Research notes that 95 per cent of healthcare deployments included Amazon Alexa and Echo devices active in the same environment as medical monitoring equipment. The possible HIPAA violation is the beginning of the nightmare. ZK Research also pointed out another major caveat, 61% of IT lack confidence in knowing what devices are connected to the network. If you were curious, that number jumped by 10% in recent years. Success against Shadow IoT is found in strict device policy and comprehensive security solutions to offer much-needed visibility.

Developing a coherent and effective security strategy starts with the right partner. Fortis Security works with Extreme Networks to deliver end-to-end, secure, cloud-driven networking solutions. ExtremeControl, IT gains granular policy control from the edge to the data centre into the multi-cloud, delivering context-based control and simple and secure onboarding, all via a single pane of glass.

Is your Wireless Intrusion Prevention System (WIPS) up to the task? A comprehensive Wireless Intrusion Prevention System enables active monitoring of devices on the net, offers centralised management, and supports dedicated and radio-share sensing modes. 

These are a couple of tools to fortify security positioning and evolve toward complete visibility, policy consistency, more accurate asset tracking, and faster vulnerability detection. A segmented network moves in the right direction, but security is an ever-evolving journey, not a destination.

The truth about IoT security is that organisations are not doing enough to minimise risk. Every device, every network layer, every user plays a pivotal role in protecting enterprise interests. Safeguarding an IoT deployment is complex, but there are simple steps a business can take to put its best foot forward.

 

Contact our team today to discuss your unique business requirements and security solutions.