How automation and identity security can protect IoT systems

By CyberArk

CyberArk shares the challenges of interconnected devices and how to overcome them.

A casino set up a fish tank with a wireless device to measure temperature and regulate feedings. Through this device, a hacker was able to break into casino systems and access information about its visitors, stealing 10 GB of data, according to Propmodo.

IoT gives physical objects the power of interconnectivity, but this brings cybersecurity risks with it. Without adequate protections, IoT devices are a pathway for hackers to gain access to valuable data.

As governments turn to sensors and data to make services more seamless, how can they protect networks from uninvited guests? CyberArk experts explain how an automated inventory of devices and a centralised security system can help.

The challenge of connectivity


IoT security is a big part of cybersecurity: 90 per cent of organisations that use IoT had their device management system compromised in the last year, ITWeb reported.

One example was Peloton bikes, stationary exercise machines that are connected to the internet. A system vulnerability allowed outside users to access the personal data of bike owners, such as age, weight, gender and workout statistics, according to Forbes.

This trend is set to grow. Experts predict that there will be 24.1 billion active IoT devices by 2030, CyberArk reported. Organisations will have to pay more attention to protecting each of these devices to seal networks against hackers.

Establishing identity


A common way hackers gain access to IoT devices is by taking control of accounts that have privileged access to them. Ensuring that accounts are who they say they are will prevent IoT devices from falling under the control of hackers.

CyberArk uses a centrally managed network that controls privileged access for both human and machine accounts based on Zero Trust principles. Zero Trust ensures that organisations closely monitor which accounts have access to these devices and keeps out unknown users.

The organisation adopts an approach of ‘least privilege’. It limits user access to only absolutely essential areas, removing that privilege when no longer needed. This reduces the area that hackers can target, wrote CyberArk.

IoT devices are often manufactured with built-in or hardcoded passwords, making them easy targets. CyberArk adopts a centralised system that replaces default passwords with stronger ones, automatically rotating them and managing privileged access without human error, the company wrote.

If the system picks up on any suspicious activity, it may ‘isolate’ the IoT device in question from other systems on the network. This means that a compromised device will not be able to affect others.

This tool also records and monitors the activity of these devices for even greater cybersecurity oversight. “This approach gives you complete control”, wrote CyberArk.

Security through automation


“Keeping track of all these devices and ensuring compliance has become increasingly difficult,” wrote CyberArk. It is difficult enough for an IT team to manage the inventory of devices, but to also ensure every device is securely protected is another significant challenge, it explained.

By 2022, 51 per cent of all networked devices will be communicating with other machines without manual intervention by humans, reported CyberArk. It highlighted the need for an automated cybersecurity system to keep up with the digital communication that humans aren’t overseeing.

CyberArk provides an automated system that searches for and adds relevant devices to the organisation’s network, while assessing the risk level of each new device, it wrote. This includes cameras, doorbells, sound systems or any device that can be considered ‘smart’.

The system also provides fast software updates and security patches to all IoT devices. The central system ensures that only verified users will be able to remotely access these devices for updates and maintenance, CyberArk explained.

As more organisations look to gain insights about the physical world through IoT, they can’t afford to forget about cybersecurity challenges. By using additional tools such as automated systems and centralised security, tackling these challenges becomes more straightforward.