What are your top IoT security concerns?
Sort by:
I've been doing healthcare IT for the last 17 years, and whether we knew it or not, if you're running a lab, then you have all these robots, machines, etc. that are on your network. They’re either connected through a serial port to a computer that never gets patched, or it could be an X Ray machine at a hospital...it could be anything. I know a lot of people are struggling with protecting all these devices which are unmanageable.
Now that we're in this COVID environment, the main thing we're talking about is securing our devices, assets, the networks they leverage, and such. We're actually going through a device trust roll out right now, to train everyone on how they should manipulate these devices that we're enabling and empowering them with to be effective and efficient. The main thing is securing these devices. Yes, we like to have cool things, we like to have things operate quickly. But the thing that keeps me up at night is, what are we introducing to our environment? What kind of vulnerabilities are we creating by allowing more tools to exist? How can I make sure we're being safe and secure?
I had that issue at a previous company. Once we engaged with Armis we could discover all the devices we had in our environment, it turned out that we had 100x more than what we thought we had. We were discovering cars, watches, cameras, and everything else. It turned out one of our cameras on one of our buildings was compromised, and that's how the attacker got into our environment. Armis could detect what's normal behavior for this type of device, since you can't put an agent on it, and if it does something out of the ordinary it would catch it and tell you about it. That's where we went with this kind of security.
We've launched a new platform within our marketplace called DashMart. We're essentially building warehouses across the US now, that are housing my network equipment. We have people in these warehouse capacities who are working shift work around the clock which introduces new vulnerabilities that are touching and living within my corporate network. I can't fight it. So I have to find a way to secure it. I can't stress that enough.
I was reading an article saying how in 2018 there were over 20 billion IoT devices connected, but by 2025 they expect it to be close to 80 billion IoT devices. The way we’ve been dealing with IoT is securing the corporate Wi-Fi, the network, and making sure that there's some type of authentication to get to some of the crown jewels, if you will...and then just keeping it as an untrusted network. We just say “Here is our mobile Wi-Fi” and tons of things connect to it. We have the occasional apple watch on there, or someone’s personal phone, etc. The reality now is these same clients are connecting from their home networks. So the perimeter has suddenly expanded. Before, I’d worry about having nest devices in our corporate office. We’d make sure it's locked down. We have devices that would ping me about something happening with traffic that I should take a look at. But now, the devices are in somebody's home network. Who knows what type of devices they have in their home and which one gets compromised... and then boom, there's your attack vector. 5g is going to help, but the amount of IoT devices is just mind boggling.