To avoid severe enterprise cyber attacks, organisations must be aware of the Internet of Things (IoT) and how it may pose the biggest security risks and the biggest targets for criminal organisations and nation states.
“This year’s buzz is all about the IoT, which is made up of everyday devices that are IP-enabled, that can communicate over the Internet and transmit what may be very important and confidential data," says Armando Dacal, Regional Director ANZ, Palo Alto Networks.
"There are now more ‘things’ connected to the Internet that there are people on Earth.
“Massive numbers of devices means a myriad of ways to target an organisation. In fact, IDC projects the number of IP-enabled devices will reach 212 billion installed devices by 2020.
"That’s an enormous number of devices that will form networks, communicate with other devices and share data.”
There is a potential for cyber attacks to occur on these devices. Palo Alto Networks offer the following four best practices for organisations to secure IoT devices:
1) Identify and manage IoT devices by protecting them and controlling access to the data
2) Understand and identify which types of devices are part of the IoT. Similar to mobile endpoints, the information about the devices could be used in making decisions to protect the device, or its state could be used in making decisions to protect the device and control the data.
For example, a device that has malware can be blocked from accessing the IoT network
3) Protect devices against a spectrum of threats, including exploits and new, unknown forms of malware.
The protection of these IoT devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported
4) Secure data and application access by using the Zero Trust principles of least privilege access with granular segmentation.
“As we embark on the dawn of the IoT, these building blocks and principles provide the strongest foundation for security," Dacal adds.
"The biggest barrier that remains will be regulation around privacy of the data collected by devices, how it used and shared.
"This will likely require the cooperation of enterprises, governments and standards organisations before we can fully tap into the true potential of IoT.”