The internet of things (IoT) is opening a whole new world of possibilities. Unfortunately, it also is creating a whole new world of threats too, such as ransomware of things (RoT). Here are seven things enterprises can do to better secure their IoT.
Know your network. Know what IoT devices are on the network, and what their vulnerabilities are, so you can make a smart defense plan. “For example, if we have an old MRI machine that runs XP, we can’t get rid of that, but if we track the vulnerabilities, we can create a plan to mitigate them,” says Jason McNew, founder and CEO of Stronghold Cyber Security and an Air Force veteran who previously worked for the White House Communications Agency/Camp David for 12 years, where held one of highest security clearances known as the “Yankee White.” “Sandboxing. Use VLAN’s, ACL’s, firewalls, and physical separation if possible to keep IoT devices in their own network realm. Design your IoT like a guest network, and trust nothing.”
Lock down your switch ports. “Since the majority of IoT devices don’t have any form of network authentication built in, and certainly cannot use advanced security mechanisms such as Kerberos or 802.1x, lock your switch ports down on a per-device basis. This will help prevent unauthorized devices from being plugged into your network,” McNew says.
Use hardware/software that provides a clear view into data’s use. “Use platforms that provide a transparent window into network traffic and data mobility, so IT and users can see where their data are being used, and by whom,” advises Josh Siegel, a Research Scientist in the Filed Intelligence Lab at MIT, and a course instructor at MIT. “Even better is to provide direct control over the flow of data so it can be shut off at a moment’s notice.”
Read more here.