Don’t trust that TV in your boardroom
With the recent hacking developments, we are constantly reminded how dangerous IoT devices can be in a corporate environment. No IoT device is off the table for hackers, considering the massive set of DDoS attacks that utilized compromised surveillance IP cameras to generate a huge amount of traffic that crippled many websites and the recent WikiLeaks news, threatening that your Samsung TV could be spying on you.
The leaked documents from WikiLeaks reveal that the CIA developed an exploit that perhaps utilize some unknown, “zero-day” vulnerability to breach and take control of TVs. This malware puts the TV on a “dissipation mode” which misleads the owner to believe the device is turned off, when in fact the TV is still on and recording conversations.
Is it possible to protect your business from being yet another victim of an IoT-based breach? If so, what can we do?
In order to keep your network secure and compliant, organizations should follow best practices for IoT security. This includes rapidly adopting software systems to help implement and enforce threat prevention and security management of IoT devices.
These best practices include 4 major areas:
1. “Lock-Down” – Implement a device lock-down, hardening policy, or procedure. Vendors of IoT devices don’t always provide the best security configuration and correct security posture. Instead, adopt systems and processes that automatically reconfigure the IoT system and constantly institute a lock-down policy with respect to best practices, known vulnerabilities and threat intelligences. Minimal complexity of passwords, open ports, running unused services and always-on peripheral devices such as microphones are all part of a wide attack surface that must be reduced by fully-automated hardening of IoT devices. Automated hardening solutions provide the ability to restrict device features and services, allowed control of incoming and outgoing traffic, and even force patch updates for device software.
2. “Micro-visibility and Risk Monitoring” – Adopt systems that provide pervasive inside monitoring on all aspects of IoT devices on your network, from running processes to firmware changes and more. These systems discover and deeply understand the nature of any IoT device on corporate networks, and consciously monitor and present all possible risk factors introduced by a device. Such a security system must collect and analyze hundreds of different parameters from IoT devices. The system then can analyze and correlate collected data against known vulnerabilities and threats, and detect behavioral anomalies or post-breach activities on the device.
3. “Untrusted by Default” – Do not allow unauthorized devices to plug into your network. Implement secure access and governance flow of how to on-board new devices. Each device that is connected to your network, whether wired or wirelessly, must be authenticated, authorized, and assessed. Determine each device’s risk level prior to entering the corporate environment.
4. “Discover the invisible” – Adopt network-wide actionable visibility on all devices connected to the corporate network, and constantly discover new and unknown IoT devices. Act on each device that has been discovered by such network visibility systems to ensure the device is known, authorized and properly configured.
Protecting against IoT attacks begins with visibility, followed by detection and then reaction.
Portnox CORE provides an additional layer of device visibility and offers full capabilities for device discovery, authentication, and compliance enforcement. It provides a cutting-edge approach to network security that allows you to see any device on the corporate network, manage its risk and react upon automatically and in real time.
Use these best practices listed above to ensure your network is secure, and then nobody will be able to record your meeting discussions without consent via that TV in the boardroom.
Contact us to learn more about how Portnox CORE can help your organization secure its network.