5 Myths Busted around IoT & IIoT Cybersecurity

A traditional take on the cyber threat landscape looks like - locking down each computing device to keep hackers and attackers at bay. In a connected world of sensors, devices, and systems feeding data to each other - this concept is archaic. As the internet of things (IoT) gains traction many organizations are trying to keep pace with it. Usage of IoT in Industrial organizations are rising with an inadequate solution to manage and secure them. This leads to a cybercrime market which is becoming a fast-growing sector that leaves businesses at risk.

‍

Let's debunk some of the common myths and misconceptions that will help you to be vigilant and aware.

Myth #1: IoT devices aren't attacked frequently:

Research conducted by Kaspersky concluded that IoT devices are more vulnerable and easy targets than ever before. The vulnerabilities are no more restricted to data theft or bot attacks. Hackers have found their way to networks, devices, and machines through the least resistive paths. The IoT breach has resulted in the threat of network disruption and data manipulation. To gain control and protect each IoT device it has to be actively monitored, maintained, and protected to swiftly counter the infection.

Myth #2: Conventional security model and strategy is keeping business well-guarded:

In an enterprise cybersecurity arsenal, perimeter security i.e., castle and moat approach (where  everyone inside the network has access to the data, but no outsider has access to it) doesn't suffice the security level. As the on-premise network is dwindling faster and cloud vendors spreading across, this simply exposes a larger attack surface. If the attacker crosses the "moat" then it has access to data and systems from within. Here, the zero-security model (no network traffic is trusted by default) comes to the rescue. This approach reduces risk and attack surfaces by allowing consistent visibility.

Myth #3: Relying only on the vendor security protections:

SolarWinds hack is a reminder to improve your organization's security posture and have third-party risk management in place. In the scenario of a data breach, third-party vendors are often a chink in the armor. To stay protected and safe, organizations must know the limitations of third-party exposure and uncover serious vulnerabilities by reviewing the data each vendor has access to.

Myth #4: Attackers have little understanding about proprietary system:

It is a common assumption among business leaders that OT cyber security breaches are insignificant and bad actors hunt down only data and let go of OT networks. But with the growth of industrial IoT, this is no longer true. The TRITON malware attack, WannaCry and NotPetya are malwares that compromised proprietary systems and impacted industrial control systems (ICS). These incidents are on the rise and can only be combated by understanding the gravity of the threats.

Myth #5: Cyber-securing IT systems are the same for OT:

There is a difference in securing Operation Technology (OT) systems in comparison with IT systems. It is a common misconception among IT personnel that the security processes can also be applied to OT as well. Servers, PCs, open ports, and unauthorized devices can be easily scanned. But to scan open ports and devices for OT systems can be overwhelming for Ethernet communication of some devices causing their communications to lock up, effectively triggering a denial of service.

‍

Conclusion:

Sometimes, a "smart" device doesn't imply it's secure. And sitting behind the firewall, doesn't mean it is well protected and can't be attacked.  An understanding of stringent cybersecurity measures is the need of the hour. Conducting security audits, monitoring critical assets regularly and staying informed on the best security practices is a must to ascertain the safety of your organization and customers. For more discussion around securing, managing and monitoring the devices in your enterprise, log on to, www.usec.io.

‍