Network Shadows: Unveiling the Security Perils of IoT Expansion

By Morgan Wright, Chief Security Advisor at SentinelOne

The Internet of Things (IoT) has continuously pushed the limits of convenience, allowing us to monitor sites remotely, automatically adjust the thermostat, or play music without tangled wires. However, while we bask in the convenience brought about by the exponential adoption of these devices, those in charge of securing them find them hard to manage or even locate on the network. This is despite the fact that new IP addresses under IPv6 provide available web addresses for trillions of the IoT devices we expect to see brought online in the coming years.

What began as a network of relatively simple gadgets has burgeoned into an ecosystem encompassing billions of devices globally. For businesses, the simplistic design of devices such as cameras and healthcare monitors, and the complex problems that arise from them, are putting organizations at risk, requiring urgent attention and innovative solutions.

Vulnerable by Design: The Inherent Security Flaws of IoT Devices

One of the primary issues with IoT devices is their inherent lack of robust cybersecurity features. Many of these devices are designed to perform specific functions without direct human interaction, such as a sensor that monitors temperature or humidity in a manufacturing plant. Since many of these devices are seen as ‘set it and forget it,’ they don’t have a user interface; they simply collect data and transmit it to a central gathering point. This simplicity, however, often means these devices are not equipped with advanced security measures, making them vulnerable to attacks.

This doesn’t even address the difficulty in identifying and managing IoT devices on a network. Unlike traditional computing devices, IoT devices may not be readily visible or identifiable within an organization’s IT infrastructure. It is nearly impossible to implement effective security measures without knowing what devices are present on a network. This visibility issue is exacerbated by the sheer number of devices, often called “shadow devices,” that can connect to a network without proper oversight.

The first major IoT compromise sent shockwaves through the security and automotive industries. In July of 2015, security researchers Charlie Miller and Chris Valasek used a zero-day exploit in the entertainment system of a Jeep Cherokee to shut down functions such as braking, steering and acceleration. A Wired reporter was the ‘digital crash-test dummy’ and documented the ability of the ‘hackers’ to connect to the Jeep wirelessly over the internet and take complete control of the vehicle. Another significant incident is the Mirai botnet attack in 2016, where a massive number of IoT devices were compromised and used to launch a distributed denial-of-service (DDoS) attack that overwhelms a system with access requests until it can’t handle the load and crashes. This attack exploited weak security in IoT devices, such as default passwords, highlighting the critical need for improved security practices and tools to defend against such threats.

Unfortunately, these attacks are only rising, climbing 108% year over year in the first quarter of 2024. To make matters worse, DDoS attacks in 2023 often included nearly 4,000 devices, while in January to March of this year, they leaped 400% to over 16,000.

Strategies for Robust IoT Security

Given the scale and complexity of IoT networks, traditional security measures are often insufficient. This is where AI-driven solutions come into play.

Artificial Intelligence can provide the scalability and adaptability needed to manage and secure the exponentially growing number of IoT devices in the field by continuously monitoring network traffic, identifying anomalies, and responding to potential threats in real time. This 24/7 monitoring is something that Chief Security Officers have only been able to dream of, offering a dynamic defense mechanism against cyber attacks.

Best Practices for Securing IoT Devices

  1. Inventory Management – Organizations must maintain an accurate and up-to-date inventory of all IoT devices connected to their networks. This requires tools that automatically discover and catalog these devices, providing a clear picture of the network landscape.
  2. Default Password Policies – Many IoT devices have default passwords that users often do not change. Ensuring that all devices have unique, strong passwords is critical to securing them.
  3. Network Segmentation – By segmenting IoT devices into isolated networks, forcing them to be digitally ‘contained’, organizations can limit the potential damage caused by a compromised device. This approach ensures that even if one device is breached, the attacker cannot easily move laterally across the entire network.
  4. Behavioral Monitoring – Implementing continuous behavioral monitoring can help detect suspicious activity that may indicate a compromised device. AI-driven tools can analyze patterns and flag deviations that could signify an attack.
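
The four practices above can be checked mechanically against an asset inventory and observed flow records. The following Python is an added example, not code from the article or from any SentinelOne product; the MAC and IP addresses, the allowed-destination policy and the fan-out threshold are all constructed, and the threshold check is a simple stand-in for behavioral monitoring.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory keyed by MAC address (all values are sample data).
INVENTORY = {
    "aa:bb:cc:00:00:01": {"segment": "10.20.0.0/24", "default_pw_changed": False, "baseline_dsts": 2},
    "aa:bb:cc:00:00:02": {"segment": "10.20.0.0/24", "default_pw_changed": True, "baseline_dsts": 1},
}
# Networks the IoT segment may talk to: itself and one data collector (assumed policy).
ALLOWED_DSTS = ["10.20.0.0/24", "10.30.0.10/32"]
# Constructed flow records: (source MAC, source IP, destination IP).
FLOWS = [
    ("aa:bb:cc:00:00:01", "10.20.0.11", "10.30.0.10"),
    ("aa:bb:cc:00:00:02", "10.20.0.12", "10.30.0.10"),
    ("aa:bb:cc:00:00:02", "10.20.0.12", "10.20.0.11"),
    ("aa:bb:cc:00:00:02", "10.20.0.12", "10.40.0.5"),
    ("aa:bb:cc:00:00:02", "10.20.0.12", "10.40.0.6"),
    ("aa:bb:cc:00:00:02", "10.20.0.12", "10.40.0.7"),
    ("de:ad:be:ef:00:09", "10.20.0.99", "10.30.0.10"),
]

def audit(inventory, flows, allowed, fanout_factor=3):
    """Return (mac, finding) pairs covering the four practices listed above."""
    allowed_nets = [ipaddress.ip_network(n) for n in allowed]
    srcs, dsts = defaultdict(set), defaultdict(set)
    for mac, src, dst in flows:
        srcs[mac].add(ipaddress.ip_address(src))
        dsts[mac].add(ipaddress.ip_address(dst))
    findings = []
    for mac in sorted(dsts):
        dev = inventory.get(mac)
        if dev is None:                      # 1. on the wire but not in the inventory
            findings.append((mac, "shadow-device"))
            continue
        if not dev["default_pw_changed"]:    # 2. still using the factory password
            findings.append((mac, "default-password"))
        segment = ipaddress.ip_network(dev["segment"])
        if any(ip not in segment for ip in srcs[mac]):
            findings.append((mac, "outside-assigned-segment"))
        if any(not any(ip in net for net in allowed_nets) for ip in dsts[mac]):
            findings.append((mac, "segmentation-violation"))  # 3. traffic leaves the container
        if len(dsts[mac]) > fanout_factor * dev["baseline_dsts"]:
            findings.append((mac, "fanout-anomaly"))          # 4. deviation from baseline
    return findings

if __name__ == "__main__":
    for mac, finding in audit(INVENTORY, FLOWS, ALLOWED_DSTS):
        print(mac, finding)
```
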

The Path Forward: Implementing a Comprehensive IoT Security Strategy

The reality is that IoT devices are here to stay—and for good reason. They make it easier to conduct tasks that would bore people, limit the security measure’s effectiveness, or unnecessarily thin out resources. They also help turn incidents into streams of data that can then be broken down and analyzed.

Considering these realities, it’s for security teams to prioritize the effective protection of IoT devices and the networks they connect to. Thankfully, AI can use layman’s terms to help those who want to secure their business via:

  1. Discovery and Diagnosis – Understanding what devices are present and their current security state is the first step in protecting them. Automated tools can discover all IoT devices on a network and diagnose their security level.
  2. Configuration Management – Changing default passwords, updating firmware, and applying security patches can ensure that all devices are properly configured and secured to the manufacturer’s latest standards.
  3. Continuous Monitoring and Response – AI-driven security solutions can provide the necessary scale and responsiveness to manage large IoT deployments, implementing continuous monitoring to detect and respond to threats in real time.
  4. User Education and Policies – AI can drive engagement-focused dashboards that alert and educate users about what is happening on their network, the risks it presents, and recommendations on the next steps.

The stakes are high, and the time to act is now. For many of us, the idea that we will be attacked seems far off, whether because of our small size or out of overconfidence. Attacks continually show how clever threat actors can breach a network through poorly secured IoT devices, potentially using them to target critical infrastructure, public services, or even your own network.
