A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
If You Connect It, Protect It Breadcrumb Home Insights Blog If You Connect It, Protect It October 1, 2020 It’s Cybersecurity Awareness Month. Here are some areas to focus on when considering IoT security, so you can keep bad actors out of your devices. Internet of Things (IoT) devices – in the simplest terms, physical objects designed to connect and share information with other devices via the internet – are rapidly gaining popularity. In fact, there were nearly 26.66 billion active IoT devices in 2019, up from 7 billion in 2018 . That’s almost four times as many in just one year! Unfortunately, IoT security isn’t booming to the same degree. Research by Palo Alto Networks found that 98% of IoT traffic is unencrypted, while some 57% of IoT devices are vulnerable to medium- or high-severity attacks . There is hope, though. As security decisions begin to consolidate under CISOs in many organizations, IoT security awareness is growing. Here are five of the top methods attackers use to exploit the weaknesses of IoT devices: Exploiting target device vulnerabilities. Attackers frequently exploit the unique vulnerabilities of particular IoT devices to gain entry to a network. Once they’re in, they can leapfrog to other systems and seek out higher-value targets. Password attacks. Many IoT devices come with default, manufacturer-set passwords. Many organizations never change these passwords, leaving them exposed. Additionally, misalignment between departments can lead to some devices receiving less advanced passwords, leaving a gap for attackers to exploit. Unclosed backdoors. Some devices remain vulnerable from prior malware infections. A prime example is the WannaCry ransomware attack. Devices previously targeted by the DoublePulsar malware had backdoors that attackers exploited to spread the ransomware. Unpatchable devices, such as those running on the deprecated Windows 7, leave many such backdoors wide open for attackers. Unsegmented networks. Malware can spread quickly on networks with a variety of device types. Once again, WannaCry ransomware devastated healthcare organizations where a mix of devices, such as PCs, scanners and medical imaging devices, coexist on the same network. Attackers only need one entry point into the network – for example, an unpatchable MRI machine running Windows 7 – to compromise every device. Botnet attacks. Some malware variants, such as Mirai, turn networked devices into remotely controlled bots that can be used to carry out large-scale attacks as a botnet. Frequent targets are consumer devices running on Linux, such as IP cameras and home routers. With a comprehensive security strategy that encompasses the entire IoT lifecycle and all IoT devices, it’s possible to defend against all of these tactics. We recommend: Discovery of all IoT devices on your network. Patching all easily patchable devices such as printers. Using VLANs to segment IoT devices, using micro-segmentation where possible. Introducing around-the-clock monitoring. Creating a vulnerability management process which includes: Asset discovery Identification of asset vulnerabilities Threat intelligence to prioritize vulnerabilities Patching, configuration management and isolation as remediation methods Download the full report here for more insights. By: Michael J. Clark Marketing Content Writer | Optiv Michael is a Marketing Content Writer at Optiv with a background in software and social media. He creates content ranging from case studies to blogs to email marketing campaigns. Share: Threat Cybersecurity Awareness Month CDX IoT
Would you like to speak to an advisor? How can we help you today? Image E-Book Cybersecurity Field Guide #13: A Practical Approach to Securing Your Cloud Transformation Download Now Image Events Register for an Upcoming OptivCon Learn More Ready to speak to an Optiv expert to discuss your security needs?