The Insecurity of Things | Best Practices for Automated Security Incident Response

How secure are IoT devices? Best practices and the case for automated security incident response

The Internet of Things (IoT) brings the potential of more convenience, connectivity, and productivity; in fact, Gartner says 8.4 billion connected “things” will be in use in 2017, up 31% from 2016.

With IoT, it’s not all about consumer devices for smart homes and online ordering convenience. Enterprises are embracing IoT devices with connected copy machines, HVAC systems, VoIP phone systems, intelligent subsystems, and more – all of which can be hacked.

But where does securing IoT and security incident response come into play?

While enterprises embrace IoT, they also expose themselves to security vulnerabilities. As of June 2016, 65% of enterprises have deployed IoT technologies and by 2018, 66% will experience IoT breaches according to a ForeScout IoT Risk Report.

Let’s examine some of the IoT security challenges organizations face, suggested IoT security best practices, and make the case for an automated security incident response strategy.

IoT Landscape is Evolving and Growing

IoT is more than just connected watches or smart refrigerators. Various industries like automotive, industrial, medical, manufacturing, and more are embracing IoT devices and solutions. General Electric predicts investment in Industrial IoT is expected to top $60 trillion during the next 15 years, according to Forbes.

But how safe are all these connected devices? Do more devices mean more attack surfaces for hackers?

IoT is Sometimes the Insecurity of Things

All these IoT devices/systems/networks are vulnerable to hacks: cars, smart home devices, medical devices, smart TVs, embedded devices.  Companies are tapping into IoT devices; however, unsecured IoT devices and systems expose your company’s or customer’s sensitive personal, financial, or medical data.

While ransomware attacks often target PCs, the Institute for Critical Infrastructure Technology predicts IoT devices can also offer targets for cyber attackers using ransomware. An example would be hacker-infected connected pacemakers and insulin devices with ransomware. Victims would have to pay a ransom to have those life-depending devices back in their control. In August 2017, medical device maker Abbott announced it was voluntarily recalling 465,000 pacemakers to install a cybersecurity patch in the devices.

 IoT Security Best Practices

While IoT devices increase the number and volume of incidents, IoT may also augment the complexity of resolving issues. Its important enterprises use a Security IR Orchestration and Automation solution to help them investigate and respond to the increased load. As a leader in automated security incident response technology, Resolve Systems created the following best practices to counteract the Insecurity of Things:

Create an IoT security strategy: Collaborate with stakeholders across your organization by creating an IoT security strategy/policy that should be implemented not only throughout the whole organization, but with vendors and partners. Consider these questions your policy should answer:

  • What are the security policies for IoT devices?
  • How can strong authentication help?
  • What are the rules and regulations?
  • How does the policy impact IoT applications, devices and networks?

Automate out the noise of false alerts: With an increase in IoT devices, it’s imperative you identify real and actionable alarms instead of scrambling each time a security alert occurs. By integrating a solution that automates, assesses, validates, and resolves threats (real or false), you reduce the time spent on false alarms.

Inundated by false alerts? Read Resolve Systems’ Definitive Guide for Responding to False Positives

Empower all SOC members with on-hand abilities: Avoid having security silos by leveraging existing IT and Security teams’ expertise and knowledge base. Identify the strengths of these team members and promote collaboration. IT and Security organizations need visibility and control as data and devices are traversing outside traditional on-premise networks.

Is your security incident response platform united with case management? Read about the benefits in the white paper Security Incident Response Needs a Unified Platform

Implement an automated response plan to resolve incidents quickly: Can a security incident be fully automated? Can these incidents benefit from Human-Guided Automation? These are just sample questions to ask before implementing an automated response plan. Overall, your plan should cover both full, end-to-end automation and human-guided automation

Think you need to define security procedures before you automate? Think again! Read more in the eBook Automation Myths of Security Incident Response

How Resolve Systems Can Help

The growing wave of IoT devices is impacting organizations of all sizes. And the security breaches also continuing to grow. With the recent Equifax data breach hitting the headlines, incident response and orchestration is a necessity.

Get more insights and be proactive with your incident response strategy. Sign up for the Resolve Systems Security Incident Response Workshop now.