IIoT Vulnerabilities: How to Protect Your Networks Against 3 Common Threats
There were 1.5 billion attacks on IoT devices from January to June of 2021 – up 100% from the second half of 2020. While the rise of IoT accelerates productivity up and down the industrial process chain, adoption comes at a price: increased vulnerability to attack.
This article explores common IIoT vulnerabilities and shows how security teams can protect their intelligent infrastructure against them.
Notice the lack of Zero Trust above? While an important piece of modern cybersecurity strategy, Zero Trust has become so diluted as a concept that it's worth taking a moment to evaluate just what it can (and can't!) do.
How to Protect Against Common Industrial IoT Vulnerabilities
Defending Legacy Systems and Infrastructure
Many critical infrastructure operations rely on systems and infrastructure several generations behind current technology. These older systems generally have severely limited security capabilities and may be difficult or impossible to update. This makes legacy technology a prime target for malicious actors, who readily exploit these “low-hanging fruit” vulnerabilities. As David Finn, executive vice president at CynergisTek and a former CIO of Texas Children's Hospital, explains, "Stuff that's 10-15 years old really was never designed to be on a network … Anything that connects to the internet is going to be at risk."
Security teams can use several tactics to help mitigate the risks posed by legacy technology. First, security teams need to focus on achieving complete visibility into their current tech landscape so they can identify, analyze, and prioritize the systems that pose the greatest threat. This can allow them to isolate these systems from the network endpoints that may be an easy next step for a potential attacker. They can also uncover and eliminate any unnecessary services these legacy systems may provide in a process known as “hardening.” Finally, security teams should implement security monitoring solutions calibrated to spot suspicious and unusual activity on these systems.
Addressing Weak or Default Passwords
Robust password management is one of the most critical ways security teams can improve their organization’s industrial IoT security profile. Recent research revealed that the average individual has around 100 passwords, and even small organizations with approximately 250 employees have almost 50,000. The rapid growth of passwords combined with the lack of appropriate management has made password hacking one of the most common ways malicious actors compromise IoT devices.
The first step is to keep any new IoT device from connecting to the broader internet before it’s been vetted. Security teams should test the device to ensure it’s fully functional and update the weak default password to a strong one. The second step is to have a plan in place to regularly audit your IoT device landscape. This protocol should involve keeping any new devices from connecting to the network until they’ve been assessed by the security team and the default password has been changed.
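The two steps above can be expressed as an admission gate plus a recurring inventory audit. The following is an added example, not part of the original article: the device names, the `quarantine`/`production` segment labels and the 90-day audit interval are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

AUDIT_INTERVAL = timedelta(days=90)  # assumed cadence; the article does not give one

@dataclass
class Device:
    name: str
    vetted: bool                     # functional test by the security team completed
    default_password_changed: bool
    last_audit: Optional[date]       # None means the device was never audited
    segment: str                     # "quarantine" or "production" (assumed labels)

def admission_decision(dev: Device) -> str:
    """Step 1: hold a device in quarantine until it is vetted AND its default password is replaced."""
    missing = []
    if not dev.vetted:
        missing.append("not vetted")
    if not dev.default_password_changed:
        missing.append("default password still set")
    return "admit" if not missing else "quarantine: " + ", ".join(missing)

def audit(inventory, today):
    """Step 2: recurring audit. Returns {device name: [findings]} for devices needing action."""
    findings = {}
    for dev in inventory:
        issues = []
        decision = admission_decision(dev)
        if dev.segment == "production" and decision != "admit":
            issues.append("on production network but " + decision.split(": ", 1)[1])
        if dev.last_audit is None or today - dev.last_audit > AUDIT_INTERVAL:
            issues.append("audit overdue")
        if issues:
            findings[dev.name] = issues
    return findings

# Constructed sample inventory
INVENTORY = [
    Device("plc-line1", True, True, date(2024, 5, 1), "production"),
    Device("cam-dock3", True, False, date(2024, 5, 1), "production"),
    Device("sensor-new", False, False, None, "quarantine"),
    Device("hmi-old", True, True, date(2023, 11, 2), "production"),
]

if __name__ == "__main__":
    for name, issues in audit(INVENTORY, date(2024, 6, 1)).items():
        print(name, "->", "; ".join(issues))
```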
Securing Data Transfer and Storage
IIoT devices are often constantly communicating with other devices on the network, sending and receiving potentially valuable data that could be vulnerable to interception. Recent research by Zscaler has revealed that most IoT transactions are not secure. Insecure machine-to-machine communication allows attackers to steal information and strengthen their foothold in the network. This makes securing the transfer and storage of data among IIoT systems a top priority for security teams.
Security teams should encrypt communications across their entire IIoT infrastructure. They are advised to use AES 256-bit encryption for data at rest and TLS 1.2 encryption for data in transit. With these data protection measures in place, organizations can significantly raise the security of industrial IoT systems.
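For the in-transit half of that recommendation, the added example below (not from the original article) uses Python's standard `ssl` module to show a client context with a TLS 1.2 floor beside a weak one, plus a check that reports what a context is missing. The function names are hypothetical.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client context for device-to-server traffic: TLS 1.2 floor, peer verified."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and TLS 1.1
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """The configuration to look for in review: no protocol floor, no peer verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # accepts whatever the library allows
    ctx.check_hostname = False                    # must be disabled before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE               # any certificate is accepted
    return ctx

def policy_violations(ctx: ssl.SSLContext) -> list:
    """Compare a context against the policy: TLS 1.2 or later, authenticated peer."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not verified")
    if not ctx.check_hostname:
        problems.append("hostname not checked")
    return problems

if __name__ == "__main__":
    print("hardened:", policy_violations(hardened_client_context()))
    print("weak:    ", policy_violations(weak_client_context()))
```

Encryption without peer verification still leaves machine-to-machine traffic open to interception, which is why the check covers certificate and hostname validation as well as the protocol version.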
How to Boost Industrial IoT Security with Microsegmentation
While this article has primarily focused on traditional approaches to mitigate the threat of IIoT vulnerabilities, newer, more powerful methodologies are rapidly becoming the new standard.
One of the most notable of these is microsegmentation. Microsegmentation divides networks into the smallest logical unit - the microsegment - which can range from a single endpoint to a few endpoints. Once broken down, each distinct, granular sub-network is walled off from the others, significantly reducing the attack surface. This means that even if an IIoT system is breached, the attacker has only gained access to that microsegment. To progress deeper, they have to move laterally, compromising microsegments one at a time.
But this is just one of the many advantages of using microsegmentation as part of a security strategy.
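The containment argument above can be checked against a policy before it is deployed. This added example (not from the original article or from Byos) computes which devices are reachable from one compromised device on a flat network and under a default-deny microsegment policy; the device names and permitted flows are constructed.

```python
from collections import deque

# Constructed plant network. Under microsegmentation every device is its own
# segment and only the listed (source, destination) flows are permitted.
DEVICES = ["hmi-1", "plc-1", "plc-2", "historian", "camera-1", "eng-laptop"]
ALLOWED_FLOWS = {
    ("hmi-1", "plc-1"), ("hmi-1", "plc-2"),
    ("plc-1", "historian"), ("plc-2", "historian"),
    ("eng-laptop", "hmi-1"),
}

def flat_policy(src, dst):
    """One shared network: any device can open a connection to any other."""
    return src != dst

def microsegmented_policy(src, dst):
    """Default deny: only explicitly permitted flows cross a segment boundary."""
    return (src, dst) in ALLOWED_FLOWS

def blast_radius(start, can_reach):
    """Breadth-first search from a compromised device.

    Returns {device: hops}, where hops is the number of segments that must be
    compromised in sequence to get from `start` to that device.
    """
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in DEVICES:
            if nxt not in hops and can_reach(cur, nxt):
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    del hops[start]
    return hops

if __name__ == "__main__":
    for dev in ("camera-1", "eng-laptop"):
        print(dev, "flat:", blast_radius(dev, flat_policy))
        print(dev, "segmented:", blast_radius(dev, microsegmented_policy))
```

A device with a large hop-1 set under the segmented policy is a flow list worth tightening, since it shows how much a single compromise still exposes.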
Byos has developed a microsegmentation solution designed to protect industrial IoT devices against the many threats they face. Its Industrial µGateway is built to enable security teams to apply this approach across an entire fleet of IIoT devices. This Secure Gateway Edge provides legacy device protection, ensuring that vulnerable IT infrastructure can operate safely. It also gives security teams total visibility into and control over the IIoT device landscape, allowing them to monitor, troubleshoot, update, and patch systems remotely regardless of the network. Finally, this solution can be deployed on top of existing network infrastructure. Security teams will not need to alter the legacy endpoint OS or change the local network configurations to apply the power of microsegmentation to their IIoT devices.
From locking down legacy systems to providing comprehensive remote control, the Industrial µGateway is built to address the security challenges posed by IIoT vulnerabilities.