Internet of Things (IoT) devices are everywhere. They’re smartwatches on a runner’s wrist, pacemakers regulating a heart, video doorbells securing a home and even connected machinery used in manufacturing. The amount and variety of these devices is only expected to increase. Right now, there are more than 15 billion IoT devices connected worldwide; that number is expected to double by 2030. 

These devices present a golden opportunity for threat actors. Every new device connected to a network expands the number of possible entry points for a cybercriminal. Connected equipment like HVAC systems and even fish tanks can be used as the initial entry point in an attack chain if organizations aren’t careful. With the increasing number of connected devices coming online every year, it’s absolutely critical for security teams to protect their IoT security infrastructure. 

There are challenges with crafting an IoT security strategy, however, especially as the number of devices coming online increases and the variety of technologies that these connected devices operate on also rises. This blog will cover a few of the most common challenges that organizations face when securing their IoT devices.

IoT Security Challenge 1: Lack of Visibility

One of the most significant IoT security issues lies in device discovery. In simple terms, it’s impossible for organizations to secure what they can’t see. This is true with any network-accessible hardware or software asset, of course. With IoT devices, the scale of usage makes the issue particularly acute.

Organizations need to use technologies like port scanning, protocol analysis, and other detection solutions to figure out what devices are connecting to corporate networks. There are many products designed to help organizations discover the IoT devices connected to networks and build an inventory of assets for tracking. 

The second component of resolving the discovery challenge is continuous management. One-time scanning only builds a point-in-time inventory. New devices come online all the time, meaning organizations need to manage their device inventory to ensure that they have an accurate picture of every IoT device attached to their network at all times. 

Resolving the shadow IT problem is perhaps the biggest value-add for device inventory. Connected printers, surveillance cameras, and smart TVs are some of the unexpected IoT devices within corporate networks that could easily go unprotected. With a device discovery solution operating, organizations discover internet-facing devices like these and can then include them in an asset inventory. A solution like Asimily’s IoT Device Discovery and Inventory Management is critical in this context. Continuously scanning the network to discover new devices as they come online allows organizations to make more informed decisions about their security. Asimily identifies devices safely based on their network traffic. With the industry’s best protocol analyzer, deep packet inspection (DPI), and AI/ML-based traffic analysis, Asimily finds and classifies each device into a family, along with all apps, services, and connections.

IoT Security Challenge 2: Access Control and Authorization

Access control and authorization is a key challenge with IoT devices. Every IoT device has a unique identifier that it shares on the network. Determining what each device can talk to and which level of authorization it can have within your network is critical to long-term IoT security. 

Too much network access creates the possibility of using the IoT device as an initial access point for further lateral movement in an attack chain. That’s what happened in 2017, when a Las Vegas casino was hacked because of a thermometer in the lobby fish tank. Security firm Darktrace released the report shortly after it happened, explaining how hackers gained access to the fish tank thermometer and then moved to the PC that monitored the temperature in the tank. From that PC, hackers were able to attempt to make off with casino data.

Strict management of network authorizations and access with IoT devices can short-circuit attack chains. Authorization isn’t the same as network segmentation, but rather provisioning devices with only the access they need to be efficiently monitored or perform their required functions. 

Similarly, organizations need to monitor who has access to their IoT devices. If the connected device is transmitting data back to a supplier, or that supplier can remotely access the device, then organizations need to monitor that.

IoT Security Challenge 3: Vulnerability Management and Patching

Patching vulnerabilities is at the root of good IoT security strategy. IoT devices present unique problems with patch management, especially because many come pre-installed with outdated operating systems, firmware, and communication technology. This is an especially acute need given that there were an average of 813 IoT-related attacks daily in the first six months of 2023.

The often-dispersed nature of IoT devices makes patch management far more difficult. IoT sensors may be spread throughout miles of farmland, for example, or there could be connected pacemakers in dozens of cardiology patients. Critical-use IoT devices like medical equipment also can’t easily be taken offline long enough to deploy a patch. 

Many IoT devices don’t have a user interface for technicians to interact with, complicating deploying a patch even more. There’s also no guarantee that the IoT device will accept an update or that an update won’t irreparably damage operations. If a vendor stops supporting a connected device, that causes even more issues with vulnerability management. 

Organizations with heavy IoT usage should perform a risk assessment on every connected device that connects with their network, including discovering any outstanding vulnerabilities and determining remediation strategies. 

Knowing where to focus the cybersecurity team’s attention is crucial. Asimily’s unique Impact, Likelihood and Utilization analyses show which vulnerabilities attackers are likely to target, allowing them to allocate resources to the riskiest devices first. To also help with this, Asimily provides SBOM harvesting for prioritized lists and remediation recommendations.  SBOMs are used to help with exploitability analysis – to separate risky exploitable vulnerabilities from less risky, unexploitable vulnerabilities for a given device and network configuration.

IoT Security Challenge 4: Detecting Attacks in Progress

Every IoT product behaves differently with distinct protocols and communication methods. Understanding the way the IoT product interacts with the rest of the network, as well as what protocols it uses and how it behaves normally, is crucial to accurately monitoring the device for cyberthreats. 

Detecting threats is easier when security teams have a better sense of what the expected behavior of an IoT device is, and how it interacts with the rest of the network. This also allows for better risk assessment. Knowing the way that an IoT device communicates and what it is expected to do empowers security teams to more effectively identify anomalous behavior. With better detections, companies can more readily identify attacks in progress. As it stands, 48% of companies can’t currently detect if their IoT devices have been breached.

IoT security requires a solution like Asimily with its anomalous behavior detection, which allows defenders to quickly identify when a device isn’t acting normally. This allows cybersecurity teams to more readily determine when an attack is occurring and then deploy incident response capabilities. 

IoT Security Challenge 5: Responding to Attacks Effectively

Incident response is challenging with the internet of things. Tracking a potential incident in progress and security alert back to its source on an IoT device requires having a solution in place that allows responders to quickly investigate. 

Further, resolving incidents quickly and effectively limits the potential spread of damage. Dispersed IoT device networks with sometimes geographically separate devices complicate this, especially if these devices are not readily accessible remotely. More effectively responding to high-risk vulnerabilities and prioritizing response based on a dynamic, real-time threat analysis is required. This includes remediation blueprints for removing the greatest risk from the identified device groups, as well as automatically performing packet capture to reveal the tactics, techniques, and procedures that malicious actors are using.

Conclusion

Securing the many millions of IoT devices set to come online in the next few years presents a major problem for security teams. Between outdated communication technologies, shadow IT installations, and issues with understanding device behavior, it’s easy to see the challenge facing security teams. Despite this, organizations don’t have to go it alone. Asimily’s IoT protection solution helps healthcare, life sciences, manufacturing, higher ed, government, and other companies protect and understand their connected devices now and in the future.