Knowledge of the Internet of Things (IoT) is becoming increasingly important in order to minimise security risks for governments and companies.
Palo Alto Networks regional director Australia and New Zealand, Armando Dacal, says IoT might be one of the biggest targets for criminal organisations and nation states.
“This year’s buzz is all about the IoT, which is made up of everyday devices that are IP-enabled, than can communicate over the internet and transmit what may be very important and confidential data,’’ Dacal says.
“There are now more ‘things’ connected to the internet than there are people on earth.
“Massive numbers of devices means a myriad of ways to target an organisation.”
Palo Alto Networks offers four best practices for organisations to secure IoT devices and avoid cyber-attacks:
1. Identify and manage IoT devices by protecting them and controlling access to data.
2. Understand and identify which types of devices are part of the IoT. Similar to mobile endpoints, the information about the devices could be used in making decisions to protect the device, or its state could be used in making decisions to protect the device and control the data. For example, a device that has malware can be blocked from accessing the IoT network.
3. Protect devices against a spectrum of threats, including exploits and new unknown forms of malware. The protection of these IoT devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.
4. Secure data and application access by using the Zero Trust principles of least privilege access with granular segmentation.
“As we embark on the dawn of the IoT, these building blocks and principles provide the strongest foundation for security,’’ Dacal says.
“The biggest barrier that remains will be regulation around privacy of the data collected by devices, how it’s used and shared.
“This will likely require the cooperation of enterprises, governments and standards organisations before we can fully tap into the true potential of IoT.”