NuHarbor Security Blog
November 6, 2020

Securing IoT Devices for Businesses

NuHarbor Security

Securing IoT devices is an important but often overlooked aspect of enterprise security. IoT devices can seem innocent, but some have severe security issues that can offer a quick and easy entry point for attackers into a network. If not properly secured, an attacker can quickly move laterally from an IoT device and spread throughout an environment. Ensuring that IoT devices are robustly secured is critical to any organization.


IoT Security Issues

IoT devices are often overlooked in traditional enterprise networks and aren’t always considered in older security plans. Additionally, IoT devices aren’t always built with best security practices in mind, and don’t always receive regular security updates from the vendor. As a result, IoT devices can become easy targets for compromise and can be used to pivot into a network to compromise traditional assets like workstations and servers. A great example is the recent headline about attackers breaking into a smart thermostat in a casino's fish tank and using the compromised IoT device to spread laterally and exfiltrate over 10GB of the casino’s database records.

IoT devices aren’t just limited to doorbells and voice assistants. Many consumer and enterprise devices are having IoT functionality added to them, and these devices need to be identified and protected as they are installed. In 2020 almost every organization has some kind of IoT device in their environment, whether they know it or not. Here’s a list of “non-traditional” IoT devices that are often overlooked:

  • Smart TVs
  • HVAC Units
  • Security Cameras
  • Kitchen appliances (e.g. refrigerators, coffee machines, etc.)
  • Video Conferencing Solutions
  • Employee devices (e.g. smart watches)

Securing IoT Devices

There are a number of ways to secure IoT devices, but the four most effective ways are to:

  1. Audit existing IoT devices,
  2. Assess risk when purchasing new devices,
  3. Isolate IoT devices from the rest of the network,
  4. Ensure that IoT devices are kept up to date.

Audit Existing IoT Devices

The first step to securing IoT devices is to perform an audit to identify and record all devices currently in the environment. Since IoT devices aren’t typically registered to a domain or other inventory system, a device discovery solution is recommended to sweep the environment and find all devices present. For each device, record physical and network location, device manufacturer and model number, relevant serial numbers, software versions, and any other relevant information to create an inventory of all IoT devices. This can be used to create device profiles and is useful for identifying potential security issues, as well as aiding in manual updating of firmware if needed. Once a complete inventory is taken, evaluate the security risk of each device based on network exposure, last updated firmware date, known security vulnerabilities, and other organization-relevant risk factors of the device. If there are security concerns for a device, consider removing the device or replacing it with a newer or more secure alternative.

Assess Risk Before Purchase

Evaluating the risk of an IoT device before purchase can save your organization from headaches and potential security issues down the road. When considering a device, determine the reliability and reputation of the manufacturer, and the length and level of support for past devices. This can serve as an indicator of how well a manufacturer is likely to support devices with security patches and updates in the future, which is a critical aspect of IoT security. Additionally, try to find third-party security research on the device to ensure that the manufacturer's claims about security are accurate. Make sure to consider privacy and surveillance risks of devices – especially if they have a camera or microphones. When you purchase new IoT devices, do not forget to add each device to the IoT inventory.

Isolate IoT Devices from Network

Isolating IoT devices from the rest of your network is one of the best things you can do to prevent a threat actor from moving laterally into the rest of your network if they compromise an IoT device. Creating an isolated IoT network segment with separate wireless networks and IoT VLANs is the best way to reduce the network exposure of IoT devices and isolate IoT network traffic from other systems. Follow the principle of least privilege when creating access and firewall rules, making sure that the IoT segment is as locked down as possible while still maintaining functionality. Since most IoT devices cannot accept traditional endpoint security and logging solutions, monitor the IoT network traffic to detect abnormal activity that could indicate a breach. IoT breaches can be hard to detect, so implementing network monitoring is crucial for stopping an attacker before they can move laterally.
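As an added example (not NuHarbor's code), the monitoring described above can be expressed as a check of IoT-sourced flows against the segment's least-privilege allowlist. The address ranges, allowlist entries, and flow records below are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing: IoT VLAN, corporate space, and a placeholder vendor range.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Least-privilege allowlist for the IoT segment: (destination, protocol, port).
ALLOWED = [
    (ipaddress.ip_network("10.0.0.53/32"), "udp", 53),      # internal DNS
    (ipaddress.ip_network("10.0.0.123/32"), "udp", 123),    # internal NTP
    (ipaddress.ip_network("203.0.113.0/24"), "tcp", 443),   # vendor updates
]
# Constructed flow records: source, destination, protocol, destination port.
FLOWS = """\
10.20.0.11 10.0.0.53 udp 53
10.20.0.11 203.0.113.10 tcp 443
10.20.0.12 10.1.5.20 tcp 445
10.20.0.12 10.20.0.11 tcp 23
10.20.0.13 198.51.100.7 tcp 8443
10.1.5.20 10.1.5.21 tcp 445
"""

def classify(src, dst, proto, dport):
    """Return an alert reason for an IoT-sourced flow, or None if permitted."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in IOT_NET:
        return None  # only traffic leaving IoT devices is in scope
    if any(dst in net and (proto, dport) == (p, port) for net, p, port in ALLOWED):
        return None
    if dst in IOT_NET:
        return "device-to-device traffic inside the IoT segment"
    if dst in INTERNAL:
        return "IoT device reaching an internal host outside the allowlist"
    return "unapproved external destination"

def find_anomalies(flow_text):
    alerts = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = parts[0], parts[1], parts[2].lower(), int(parts[3])
        reason = classify(src, dst, proto, dport)
        if reason:
            alerts.append((src, dst, dport, reason))
    return alerts

if __name__ == "__main__":
    for src, dst, dport, reason in find_anomalies(FLOWS):
        print(f"ALERT {src} -> {dst}:{dport}  {reason}")
```

The IoT range is checked before the wider internal range because the assumed IoT VLAN sits inside `10.0.0.0/8`; reversing the order would hide device-to-device traffic under the generic internal alert.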

Keep IoT Devices Up to Date

Some IoT devices do not have the capability to automatically download and install software updates and security patches, so manual security patches are sometimes required. Regularly review the IoT inventory, look for updates or security patches from the vendor, and check for any newly discovered vulnerabilities of the device. Make sure to update any security controls if there are feature updates for IoT devices, as they may require additional services. If no recent updates have been issued for a device or the manufacturer has stopped supporting the device, you may want to investigate replacing it with a newer device still in support.
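The inventory review described here and under Audit Existing IoT Devices can be scripted so that stale, exposed, or unsupported devices rise to the top. This is an added example, not NuHarbor's code; the CSV column names, sample rows, 365-day threshold, and score weights are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; columns follow the fields the article says to record.
INVENTORY_CSV = """\
name,location,vlan,manufacturer,model,serial,firmware,last_firmware_update,internet_exposed,known_vulns,vendor_supported
lobby-tv,Lobby,corp,ExampleCo,TV-55,SN001,1.2.0,2018-03-01,no,2,no
hvac-ctl,Roof,iot,ExampleCo,HV-9,SN002,4.1.7,2020-09-15,no,0,yes
cam-dock,Loading dock,iot,ExampleCo,CAM-3,SN003,2.0.1,2019-01-20,yes,1,yes
"""
MAX_FIRMWARE_AGE_DAYS = 365  # assumed review threshold; tune per organization

def assess(row, as_of):
    """Return (score, reasons) for one inventory row; weights are illustrative."""
    score, reasons = 0, []
    if row["internet_exposed"].strip().lower() == "yes":
        score += 3
        reasons.append("reachable from the internet")
    if row["vlan"].strip().lower() != "iot":
        score += 2
        reasons.append("not on the isolated IoT segment")
    try:
        age = (as_of - date.fromisoformat(row["last_firmware_update"].strip())).days
    except ValueError:
        age = None  # a missing or unparseable date is treated as stale
    if age is None or age > MAX_FIRMWARE_AGE_DAYS:
        score += 2
        reasons.append("firmware date unknown" if age is None else f"firmware {age} days old")
    vulns = int(row["known_vulns"] or 0)
    if vulns:
        score += min(2 * vulns, 4)  # cap so one factor cannot dominate
        reasons.append(f"{vulns} known vulnerabilities")
    if row["vendor_supported"].strip().lower() != "yes":
        score += 3
        reasons.append("vendor support ended, consider replacement")
    return score, reasons

def rank_inventory(csv_text, as_of):
    """Return [(name, score, reasons)] sorted from highest to lowest risk."""
    rows = csv.DictReader(io.StringIO(csv_text))
    ranked = [(r["name"], *assess(r, as_of)) for r in rows]
    return sorted(ranked, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for name, score, reasons in rank_inventory(INVENTORY_CSV, date(2020, 11, 6)):
        print(f"{score:>2}  {name}: {'; '.join(reasons) or 'no findings'}")
```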

Conclusion

Ensuring IoT devices are properly secured is critical to protecting your organization from cyber threats, and an essential part of any infosec program. As your trusted end-to-end security provider, NuHarbor is ready to bring your security to the next level. If you need a gap assessment, security program review, or just want to speak with an expert, get in touch with us today!

©2025 NuHarbor Security. All rights reserved.