An Ericsson report on mobility forecasts that by 2023 there will be over 30 billion connected devices, of which around 20 billion will be related to the Internet of Things (IoT). Among these connected IoT devices are machines, meters, sensors, cameras, point-of-sale terminals, industrial controls, connected cars, medical devices, consumer electronics and wearables.
With so many “things” coming online so quickly, businesses across the world must act now to ensure their IoT breach detection capability is as effective as possible. However, a study by Gemalto says that only about 48% of companies can detect when their IoT devices have been breached.
That means about 52% of companies can’t detect an IoT breach. This statistic is remarkably close to another figure from a separate survey on the subject of IoT breaches. In a 2017 survey conducted by Altman Vilandrie & Company of approximately 400 IT executives across 19 industries, nearly half of IoT security buyers say their company actually experienced a breach in the prior two years.
The Altman Vilandrie survey also found that the cost of an IoT breach can be quite high. More than half of the companies with annual revenue of less than $499 million faced up to $250,000 in financial losses as a result of an IoT breach. Smaller companies with annual revenue of less than $5 million reported losses of approximately 13.4% of their annual revenue. Meanwhile, nine companies that generate $5 billion or more in annual revenue had losses of at least $20 million due to a breach.
Financial losses are only one troubling aspect of IoT breaches. A malicious attack on IoT devices can affect their operation, cause damage or lead to a ransomware situation. For example, in the case of a breached medical device such as a defibrillator or a pacemaker, interference with the device’s normal mode of operation can literally be a matter of life or death for the patient. For industrial controls, a breach can lead to dangers such as a centrifuge spinning out of control or a furnace exceeding temperature thresholds, causing massive damage or destruction of the equipment. The consequences of an IoT breach can be bad, indeed.
Network monitoring is the typical method for attempting to detect threats surrounding network-attached devices, including IoT devices. Most mid- to large-sized companies have implemented a sufficiently effective security program around their IT operations. The OT side of the house, however, is still playing catch-up, largely because the threat monitoring tools for industrial and other IoT devices are inadequate. In addition, traditional asset discovery and tracking tools often overlook or can’t detect IoT devices, and thus they aren’t registered in asset inventories.
Monitoring tools developed for the IT side of the network don’t work well in OT environments due to incompatible systems, proprietary operating systems and insufficient sensors. Network monitoring looks for suspicious behaviors and activities on the network, but it can’t detect these characteristics on the IoT devices themselves. Dangerous or threatening activity can occur on the devices themselves, where network monitoring can’t see changes to controller code, firmware or device configurations.
Once an attacker gets inside perimeter defenses and onto an OT network, there is little protection for IoT devices. Many if not most of them are inherently insecure because they were built without internal defensive mechanisms or the means to repel attacks.
Consumer-oriented IoT devices are typically built with low cost, ease of use and convenience as priorities over security. Commercial or industrial IoT devices often lack inherent security because manufacturers considered they would be “secured through obscurity” and not exposed to threats on the Internet or private networks. For the most part, IoT manufacturers operate without the benefit of security standards, regulation or even industry oversight—although that is beginning to change.
Manufacturers need to adopt a new mindset on security. If they are protecting their devices from the inside (as opposed to building a security perimeter around them), they can remove threats without affecting the normal operation of the devices.
What does it mean to “protect a device from the inside”? It means that security should be given a high priority throughout a device’s lifecycle. Manufacturers should be building the requisite cybersecurity defenses into their devices to ensure they ship without vulnerabilities, are resistant to attack, can facilitate critical updates, and can be actively monitored for signs of software failures and other serious conditions. This is where Cybeats can help.
Cybeats protects network-enabled IoT devices throughout all phases of their lifecycle. Using secure microagent technology embedded within each device, Cybeats is able to:
Cybeats software is embedded into devices to provide continuous protection, allowing devices to instantly detect usage abnormalities as well as the most sophisticated threats; block the threats to prevent harm; and gather intelligence to help neutralize the threats and provide device health telemetry to the manufacturer. Once the manufacturer updates the firmware to eliminate vulnerabilities, Cybeats automatically distributes it to all devices in the field to make them “healthy” again while minimizing downtime.
This lifecycle protection allows customers and end users to benefit from the value of connected devices and equipment without increasing their risk profile. Device manufacturers benefit from being able to use device security as a key competitive differentiator.