It seems that nearly every week, another IoT related security story is in the news. While most of the coverage still focuses on the hardware, organizations often forget the cloud infrastructure that connects the differing threads of IoT devices. These portals are a mega culprit in the complicated and risky security landscape. They are a modern day hacker's keys to your kingdom.
Instead of running a phishing campaign to discover and compromise individual devices, one at a time, a hacker can now utilize one device (or entry point) to gain access to millions of devices. Typically, this also exposes the data that resides on those devices, such as video footage. And unless strict coding practices and security controls are followed, implemented and audited on both the application and network levels, it is highly likely that such an application will be hacked.
So what are the best practices when it comes to building, managing, and securing a centralized IoT management portal? In his fourth installment on the IoT Agenda column, ThreatX CTO, Andrew Useckas, outlines the top 4 tips from his own experience white hat hacking and securing devices. Here's a preview of the first two:
- Implement regular vulnerability scans
- Know and monitor all potential attack vectors, including adjacent applications, servers, and more
Stay tuned for additional articles from Andrew via IoT Agenda in the coming months!