One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1882621
Publication date 2020-08-26 07:01:00 (seen: 2020-08-26 07:12:19)
Title IoT security explained
Text This blog was written by a third party author.

The Internet of Things (IoT) is a term used to describe a system of interconnected computing devices that use the internet to send and receive data without requiring human to computer or human to human coordination. The world of IoT encompasses a wide variety of technologies, vendors, and connectivity methods. While cameras, smart kitchen appliances and smart locks often come to mind, IoT devices are prevalent in all industries. IoT has broad applications across the enterprise and provides numerous benefits — including increased operational efficiencies, improved customer experiences, better business decisions, and keeping workers safe.

For the organization looking to adopt IoT to any degree, security challenges must be overcome using more than typical network security solutions alone. Given the inherently insecure nature of the IoT space due to the lack of industry standards, new security complications arise. Any cyber risk related to an IoT deployment requires a proactive approach with security built-in from the start. Not unlike any new technology that enables digital transformation, the goal for IoT should include strategies that align the technology with the company’s current cybersecurity systems and policies.

What are the security vulnerabilities of IoT?

The use of IoT is expanding astronomically. According to research published in May 2020 by Transforma Insights, by the end of 2019, 7.6 billion IoT devices were active. By 2030, the number is expected to balloon to 24.1 billion. The rush to meet the growing demand for IoT devices is giving rise to favoring functionality over security. Connected and unprotected devices are vulnerable to botnet and distributed denial-of-service (DDoS) type attacks.

Despite plans to adopt these devices in greater numbers, a Trustwave report notes that only 28 percent of organizations consider IoT-specific security strategies as “very important.” Alan Mihalic, founder and president of the IoT Security Institute, says that despite the incredible number of IoT devices, most are unsecured. “IoT devices provide an easy and attractive entry point for criminals seeking to enter an organization's network,” he said. “Moreover, their omnipresent nature provides access to opportunities never before possible within the technology environments; a presumably innocuous twenty-dollar IoT device can become the catalyst for a major cyber breach.”

The IoT attack surface

One look at the sheer amount of possible devices in the production environment gives us a window into the magnitude of threat possibilities. Because securing IoT devices requires real-time authentication and authorization, complexity is escalated — providing opportunities for bad actors to carry out many types of attacks. Whether it’s man-in-the-middle (MitM) attacks, leveraging stolen access credentials, spoofing or cloning, or encryption attacks targeting key algorithms, a hacker’s arsenal is well-stocked. But at its most basic level, IoT security is not built in from the ground up. Compromising a device is far simpler than most people think. Sadly, the most common userid/password combinations are support/support, admin/admin and default/default. For many devices, security is an afterthought. The mere act of changing a device’s default password can go a long way to pave the way for a robust IoT solution.

How common are IoT attacks?

IoT attacks are frequent, and they’re escalating. In the first half of 2019, honeypot
Sent Yes
Tags Threat Patching


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repeat of an earlier one.