How to Drive IoT Security Resilience

The threats against Internet of Things (IoT) devices have grown over the past few years as more of these connected systems come online. According to recent research, IoT-specific malware grew 37% year over year in the first half of 2023, resulting in more than 77 million attacks globally, compared with 55 million attacks in the first half of 2022. Building IoT security resilience into your program is crucial.

IoT and industrial IoT (IIoT) devices like security cameras, heating and cooling devices at commercial facilities, and smart fire control systems are becoming more prevalent in the enterprise. That means the rise of IoT malware becomes a more crucial issue. The problem is that IoT devices are typically designed with a narrow set of functions, without the excess computation or storage capacity that allows flexible cybersecurity defenses to be present and updated.

Why IoT Security Resilience Matters

In a security context, resilience refers to the ability to withstand potential damage and ensure availability. For IoT devices, building resilience means that these systems will have defenses to mitigate the worst potential impacts of a cyberattack. 

Industrial IoT devices are the ones that help keep industrial-scale equipment and operational technology running properly. An example would be the set of sensors that monitor throughput and environmental conditions in industries as diverse as automobile manufacturing and wastewater treatment.

One of the key ways that security teams can ensure resilience is by performing risk assessments on all devices coming into the enterprise before they are deployed. Procurement and cybersecurity teams both need to participate in these assessments, which include understanding the potential issues within the device. These can include a lack of known vendor support, insecure protocols in use, or outdated operating systems. Sometimes, but not always, vendors provide useful information about the software composition of their devices in an SBOM (Software Bill of Materials). Increasingly, this is becoming a best practice, and providing one is mandated in some sectors, such as medical devices (since 2023).
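The pre-deployment assessment described above can be partly automated. The following is an added example, not code from Asimily or from any vendor: it takes a constructed device intake record (vendor support end date, exposed protocols, and a CycloneDX-style SBOM) and emits the findings a procurement and security review would want to see. The device name, versions, dates and the small end-of-life table are all hypothetical placeholders maintained by the assessor, not an authoritative source.

```python
import json
import re
from datetime import date

# Constructed CycloneDX-style SBOM excerpt for a hypothetical camera (all values made up).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "example-cam-fw", "version": "2.1.0"}},
    "components": [
        {"type": "operating-system", "name": "linux-kernel", "version": "3.10.108"},
        {"type": "library", "name": "openssl", "version": "1.0.2u"},
        {"type": "application", "name": "busybox", "version": "1.31.1"},
    ],
})

# Constructed intake record as procurement might capture it for a hypothetical device.
SAMPLE_DEVICE = {
    "model": "Example Cam 200",
    "vendor_support_until": "2022-06-30",
    "listening_protocols": ["telnet", "http", "rtsp"],
    "sbom": SAMPLE_SBOM,
}

# Cleartext or unauthenticated protocols that should not be exposed on an enterprise network.
INSECURE_PROTOCOLS = {"telnet", "ftp", "http", "snmpv1", "snmpv2c", "tftp"}

# Assumed end-of-life table (component name, version prefix, EOL date). Illustrative only;
# a real assessment would pull this from a maintained vulnerability/EOL feed.
EOL_COMPONENTS = [
    ("linux-kernel", "3.10", "2017-11-01"),
    ("openssl", "1.0.2", "2019-12-31"),
]

def numeric_parts(version):
    """'3.10.108' -> [3, 10, 108]; '1.0.2u' -> [1, 0, 2]."""
    return [int(x) for x in re.findall(r"\d+", version)]

def matches_prefix(version, prefix):
    """True when the leading numeric components of version equal those of prefix."""
    v, p = numeric_parts(version), numeric_parts(prefix)
    return v[:len(p)] == p

def assess_device(device, today=None):
    """Return a list of (severity, description) findings for one intake record."""
    today = today or date.today()
    findings = []
    support_end = date.fromisoformat(device["vendor_support_until"])
    if support_end < today:
        findings.append(("high", f"vendor support ended {support_end.isoformat()}"))
    for proto in device["listening_protocols"]:
        if proto.lower() in INSECURE_PROTOCOLS:
            findings.append(("medium", f"insecure protocol exposed: {proto}"))
    if not device.get("sbom"):
        findings.append(("medium", "no SBOM provided by vendor"))
        return findings
    for comp in json.loads(device["sbom"]).get("components", []):
        for name, prefix, eol in EOL_COMPONENTS:
            if comp["name"] == name and matches_prefix(comp["version"], prefix) \
                    and date.fromisoformat(eol) < today:
                sev = "high" if comp["type"] == "operating-system" else "medium"
                findings.append((sev, f"{name} {comp['version']} past end-of-life ({eol})"))
    return findings

def risk_rating(findings):
    """Collapse findings into a deployment decision for the procurement record."""
    if any(sev == "high" for sev, _ in findings):
        return "do-not-deploy-without-compensating-controls"
    if findings:
        return "deploy-with-remediation-plan"
    return "approved"

if __name__ == "__main__":
    results = assess_device(SAMPLE_DEVICE, today=date(2024, 1, 15))
    for sev, desc in results:
        print(f"[{sev}] {desc}")
    print("decision:", risk_rating(results))
```

Running it against the constructed record produces five findings (expired support, two insecure protocols, an end-of-life kernel and an end-of-life OpenSSL) and a do-not-deploy decision; a device with current support, only HTTPS exposed and no end-of-life components comes back as approved. Swapping the intake dict for real procurement data is the only change needed to use it on an actual review.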

Resilience in Networks Secures IoT Devices

Part of building resilience into IoT security is building secure network topologies around the devices. The issue with IoT and IIoT is that the component devices are often deployed in such volume that individually it’s difficult to secure them. 

A more effective approach is to build secure network defenses around the devices that are deployed within the network. This can mean ensuring that any mission-critical IoT or IIoT devices aren’t accessible via the open internet, and are adequately segmented from the rest of the corporate network. 

Security teams should also have access to reports or dashboards that show which devices and other systems the device in question has been communicating with (commonly called flow analysis). These neighbors are often worth follow-up investigation, as they could be the target or source of lateral movement by attackers. By pivoting to the "neighbors" and then into those systems' neighbors, an accurate map of device relationships can be created and used to ensure the IoT device is secured. Such a map is also a key component for determining true risk, which is not as simple as looking at a vulnerability's severity score without context.
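The segmentation check and the neighbor pivot described in the two paragraphs above can be built from ordinary flow records. This added example is not Asimily's code or the output of its product; it assumes a constructed set of flow tuples (source, destination, port, protocol) with hypothetical addresses, an assumed IoT segment and corporate segment, and an assumed list of approved external ranges. It builds the neighbor map, walks it to two hops from a chosen device, flags flows that cross the IoT/corporate boundary or leave the IoT segment for an unapproved external host, and shows one way to put a raw severity score in context.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed flow records (src_ip, dst_ip, dst_port, proto); all addresses hypothetical.
SAMPLE_FLOWS = [
    ("10.50.1.20", "10.50.1.1", 53, "udp"),        # camera -> IoT-segment DNS
    ("10.50.1.20", "10.50.1.200", 554, "tcp"),     # camera -> video recorder, same segment
    ("10.50.1.20", "10.10.5.15", 445, "tcp"),      # camera -> corporate file server
    ("10.10.5.15", "10.10.5.40", 3389, "tcp"),     # file server -> corporate workstation
    ("10.50.1.200", "203.0.113.9", 443, "tcp"),    # recorder -> approved vendor range
    ("10.50.1.20", "198.51.100.77", 6667, "tcp"),  # camera -> unapproved external host
]

# Assumed segmentation policy for this example.
IOT_SEGMENT = ipaddress.ip_network("10.50.1.0/24")
CORPORATE_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
APPROVED_EXTERNAL = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical vendor cloud
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def zone(ip):
    """Classify an address under the assumed policy."""
    addr = ipaddress.ip_address(ip)
    if addr in IOT_SEGMENT:
        return "iot"
    if addr in CORPORATE_SEGMENT:
        return "corporate"
    if any(addr in net for net in RFC1918):
        return "other-internal"
    return "external"

def build_neighbor_map(flows):
    """Undirected adjacency: every host mapped to the hosts it exchanged traffic with."""
    neighbors = defaultdict(set)
    for src, dst, _, _ in flows:
        neighbors[src].add(dst)
        neighbors[dst].add(src)
    return neighbors

def pivot(neighbors, start, depth=2):
    """Breadth-first walk from start; returns {host: hops_from_start} up to depth hops."""
    hops = {start: 0}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        if hops[host] >= depth:
            continue
        for nxt in neighbors.get(host, ()):
            if nxt not in hops:
                hops[nxt] = hops[host] + 1
                queue.append(nxt)
    return hops

def segmentation_violations(flows):
    """Flows that cross the IoT/corporate boundary or leave IoT for an unapproved host."""
    violations = []
    for src, dst, port, proto in flows:
        if {zone(src), zone(dst)} == {"iot", "corporate"}:
            violations.append((src, dst, port, proto, "iot<->corporate"))
        elif zone(src) == "iot" and zone(dst) == "external":
            if not any(ipaddress.ip_address(dst) in net for net in APPROVED_EXTERNAL):
                violations.append((src, dst, port, proto, "iot->unapproved-external"))
    return violations

def contextual_risk(flows, device, base_score):
    """Raise a device's raw severity score by 2 per boundary-crossing flow, capped at 10."""
    crossings = [v for v in segmentation_violations(flows) if device in (v[0], v[1])]
    return min(10.0, base_score + 2.0 * len(crossings))

if __name__ == "__main__":
    neighbors = build_neighbor_map(SAMPLE_FLOWS)
    for host, hop in sorted(pivot(neighbors, "10.50.1.20").items(), key=lambda kv: kv[1]):
        print(f"hop {hop}: {host} ({zone(host)})")
    for v in segmentation_violations(SAMPLE_FLOWS):
        print("violation:", v)
    print("camera risk in context:", contextual_risk(SAMPLE_FLOWS, "10.50.1.20", 5.0))
```

With the constructed flows, the two-hop pivot from the camera reaches seven hosts, including a corporate workstation it never talked to directly, and two of the six flows are violations; the camera's base score of 5.0 becomes 9.0 in context while the recorder, which only reaches the approved range, keeps its base score.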

Backups are an Important Part of Resilience in IoT

A holistic approach to IoT security needs to consider disaster recovery. Should the worst case happen, and a threat actor compromises IoT devices, there needs to be a plan in place for how to recover from that quickly. Engineers might need to reset IoT devices to factory settings as part of that recovery, but the tuned state the device was in before the incident is often not recorded anywhere. This can be a major problem in terms of getting business operations back to normal, as it takes time in the field to reconfigure and recalibrate the device back to optimal conditions.

To rectify this and accelerate disaster recovery, security teams should baseline the optimal performance state with a snapshot to replicate device configurations. Having this snapshot can allow organizations to retain the optimal configuration, saving a tremendous amount of time and providing peace of mind. That way, if there are changes in the configuration from a vendor breach or a user accidentally making changes that they didn’t realize affected security, the changes can easily be resolved. 

As part of ensuring an effective disaster recovery, security teams should monitor software updates and ensure they receive automated notifications for anomalous configuration changes seen on the network. A common policy to monitor and enforce is alerting when a device starts communicating with an undesired external IP address after its risk has been remediated, such as an address in a country unrelated to the vendor or the device owner.
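The configuration snapshot from the previous section and the monitoring policy just described fit together naturally, so here is one added example covering both. It is not Asimily's code; it assumes a constructed baseline configuration for a hypothetical camera, a constructed "current" configuration pulled later, a tiny hypothetical IP-to-country map standing in for a GeoIP database, and constructed outbound flows with a made-up remediation date. It fingerprints the baseline, reports every drifted field with a severity, and flags post-remediation connections to countries unrelated to the vendor or owner.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed baseline: the tuned, known-good configuration of a hypothetical camera,
# captured as a snapshot once the device was calibrated in the field.
BASELINE_CONFIG = {
    "firmware": "2.1.0",
    "ntp_server": "10.50.1.1",
    "default_password_changed": True,
    "services": {"telnet": False, "http": False, "https": True, "rtsp": True},
    "upload_endpoint": "updates.example-vendor.invalid",  # hypothetical hostname
}

# Constructed current state pulled later: telnet re-enabled and the upload target changed.
CURRENT_CONFIG = {
    "firmware": "2.1.0",
    "ntp_server": "10.50.1.1",
    "default_password_changed": True,
    "services": {"telnet": True, "http": False, "https": True, "rtsp": True},
    "upload_endpoint": "203.0.113.50",
}

def snapshot_digest(config):
    """Stable fingerprint of a configuration: canonical JSON, then SHA-256."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def diff_config(baseline, current, path=""):
    """Return (dotted_key, baseline_value, current_value) for every drifted field."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        dotted = f"{path}.{key}" if path else key
        if key not in current:
            changes.append((dotted, baseline[key], None))
        elif key not in baseline:
            changes.append((dotted, None, current[key]))
        elif isinstance(baseline[key], dict) and isinstance(current[key], dict):
            changes.extend(diff_config(baseline[key], current[key], dotted))
        elif baseline[key] != current[key]:
            changes.append((dotted, baseline[key], current[key]))
    return changes

def classify_drift(changes):
    """Rate each change: enabling a service or redirecting uploads/time/credentials is high."""
    rated = []
    for dotted, _before, after in changes:
        if dotted.startswith("services.") and after is True:
            rated.append(("high", dotted))
        elif dotted in ("upload_endpoint", "ntp_server", "default_password_changed"):
            rated.append(("high", dotted))
        else:
            rated.append(("low", dotted))
    return rated

# Hypothetical IP-to-country lookup; a real deployment would query a GeoIP database.
GEO_LOOKUP = {"198.51.100.10": "US", "203.0.113.50": "ZZ"}

def external_ip_alerts(flows, remediated_at, allowed_countries, geo=GEO_LOOKUP):
    """flows: iterable of (timestamp, destination_ip) for the device's outbound traffic.
    After remediated_at, any destination outside allowed_countries, or with no
    geolocation at all, is flagged."""
    alerts = []
    for ts, dst in flows:
        if ts < remediated_at:
            continue
        country = geo.get(dst)
        if country is None:
            alerts.append((ts, dst, "unknown geolocation"))
        elif country not in allowed_countries:
            alerts.append((ts, dst, f"country {country} not tied to vendor or owner"))
    return alerts

# Constructed outbound flows: one before remediation, three after.
REMEDIATED_AT = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_FLOWS = [
    (datetime(2024, 2, 20, tzinfo=timezone.utc), "203.0.113.50"),
    (datetime(2024, 3, 5, tzinfo=timezone.utc), "198.51.100.10"),
    (datetime(2024, 3, 6, tzinfo=timezone.utc), "203.0.113.50"),
    (datetime(2024, 3, 7, tzinfo=timezone.utc), "192.0.2.99"),
]

if __name__ == "__main__":
    print("baseline digest:", snapshot_digest(BASELINE_CONFIG))
    print("current digest: ", snapshot_digest(CURRENT_CONFIG))
    for sev, key in classify_drift(diff_config(BASELINE_CONFIG, CURRENT_CONFIG)):
        print(f"  [{sev}] drift in {key}")
    for ts, dst, why in external_ip_alerts(SAMPLE_FLOWS, REMEDIATED_AT, {"US"}):
        print(f"  [alert] {ts.date()} {dst}: {why}")
```

The digest alone tells an operator that something changed; the field-level diff tells them what, which is what makes restoring the snapshot quick. Keying the canonical form on sorted JSON means two snapshots of the same configuration always produce the same digest regardless of the order the device reports its settings in. The flow check deliberately ignores traffic from before the remediation date so that historical connections do not keep re-triggering the alert once the issue has been addressed.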

Conclusion 

IoT and IIoT devices are becoming incredibly common in multiple contexts, in corporate conference rooms and on the factory floor. Ensuring that these devices are as resilient as possible against cyberattacks is absolutely vital as a result of this ubiquity. Asimily’s IoT security is designed to ensure resilience by tracking network connections, ensuring easy recovery in the event of an emergency, and detecting anomalous behavior for improved incident response.

To learn more about Asimily, download our Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk whitepaper or contact us today.
