Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The IoT: Gateway for enterprise hackers

Taylor Armerding | Dec. 12, 2016
The risk of notoriously insecure Internet of Things devices is not so much that those devices themselves will be compromised, but that they provide dozens – perhaps hundreds – of openings that could allow attackers to get inside an enterprise network

But while the IoT threats are obviously expanding and evolving, both Fry and Harrington said security basics remain the same.

“We’re seeing the same problems we saw 20 and 50 years ago,” Fry said, “where we have to go back and find whether devices are being properly patched, physically secured or being allowed to communicate without restriction. We need to make sure this is something we are looking for, and that if an attacker is using something like this device, we can detect and analyze it.”

Harrington said he believes the IoT, even with the new wireless protocols involved, doesn’t even amount to a new paradigm. “The IoT has changed many things,” he said, “but from a security perspective, it’s the same challenge as dealing with any other security risk. It requires a programmatic approach – threat modeling.”

That, he said, has four components:

  • Identify the assets your organization cares about protecting.
  • Identify your potential adversaries – nation states, organized crime or other kinds of groups.
  • Understand your attack surface – the IoT is just one of them.
  • Know how adversaries are likely to attack.

“That approach will help companies think through this and any security problem,” he said. ”Then you can start thinking about tools and techniques.”

 

Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.