Emerging IoT attack surfaces present attackers with tempting new targets
This is the first in a two-part series.
The meteoric rise of IoT has created a popular new attack surface for cybercriminals. The “2019 SonicWall Cyber Threat Report” indicated that there were 32.7 million cyberattacks targeting IoT devices in 2018, representing a 217.5% increase over attacks in 2017. What is interesting, however, is that in the Attivo Networks 2018 Threat Detection Survey findings, securing IoT ranked just sixth on respondents’ list of attack surface concerns. This is possibly because IoT, medical IoT and other interconnected devices commonly fall outside of a security team’s responsibilities.
This circumstance is cause for concern. Adding to the gravity of the situation is the fact that these devices often have minimal security requirements, are governed by laws preventing third-party security adjustments and lack regulation, which has been slow in setting standards. With Gartner predicting that 25 billion connected devices will be in use by 2021, security teams will need to proactively search for new ways to both secure the ever-growing number of potential entry points and quickly identify attacks that use these devices for easier access to the network.
Emerging attack surfaces present new and often different challenges for defenders to overcome. Organizations must understand how security teams can better secure each attack surface.
Flexera’s “RightScale 2019 State of the Cloud Survey” indicated that 94% of enterprises utilize the cloud, with 84% of enterprises employing a multi-cloud strategy. The rapid growth of cloud and multi-cloud environments has presented organizations with shared security models to go along with both familiar and unique security challenges, so it is not surprising that 62% of Attivo Threat Detection Survey respondents listed securing the cloud as the top attack surface of concern. What compounds this particular situation is the fact that many of today’s security tools rely on virtual network interfaces or traditional connections to servers, databases and other infrastructure elements, which are no longer available in serverless computing environments.
Unsecured APIs, which allow cloud-based applications to connect, represent a significant new threat vector for cloud users. Unsecured APIs and shadow APIs represent substantial potential dangers. Similarly, the rise of DevOps comes with a new set of vulnerabilities, including the proliferation of privileged accounts. Access to applications, embedded code and credential management all require a different assessment of risk and how to secure them. Given the fluidity of the environment, detecting credential theft and lateral movement quickly gains importance. Deception technology represents an increasingly popular approach to this, helping with the detection of policy violations and unauthorized access, as well as identity access management inclusive of credentials, exposed attack paths and attempted access to functions or databases.
Increased focus on edge computing has driven increased traffic to data centers and presents new security challenges as data processing and functionality move closer to end users. With more and more information stored in these data centers and the growing popularity of smaller, distributed data centers, there is an increased need to reassess security frameworks and their fit for these new architectures. The arrival of 5G is also likely to fuel the growth of edge computing. In this environment, security, privacy and storage management will need additional attention. Scalability of security systems will be critical as data centers increase in size and given the distributed nature of these networks.
Whether on-premises or in a remote data center, threats may come in both internal and external forms and may be intentional or unintentional. Incomplete or inadequate screening of new employees, lack of consistent internal protocols and limited access control can create an unsafe environment for data and operations. Lack of backups and disaster recovery services can also render information vulnerable to disasters — natural or otherwise. Securing the complete digital ecosystem is about more than just fitting today’s needs. The way those needs are rapidly evolving will require assessing security frameworks and their fit in the various environments, as well as an overlay view of how an attacker would attack them. Once organizations have completed identifying risk, they can move forward with establishing a full security fabric comprised of prevention and early detection tools, as well as the programs for faster and automated incident response.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.