By: Moshe Ben-Simon, CEO
We are already starting to see how the Internet of Things (IoT) — which connects everyday objects to the Internet — can help us transform our world for the better. Pretty much any physical object can be transformed into an IoT device if it can be connected to the internet and controlled in that way.
The uses of IoT in enterprises can be divided into two segments:
- Industry-specific offerings like sensors in a generating plant or real-time location devices for healthcare.
- IoT devices that can be used in all industries, like smart air conditioning or security systems.
In this article I will be focusing on two of the biggest industries that already use IoT devices and OT (Operational Technology) devices as part of their network. These two industries are healthcare and manufacturing.
Before understanding the security problems that IoT devices can cause, let’s put some facts on the table.
- 12-15% of any healthcare organization’s medical devices are connected via IP. This means that besides your classical IT security, you now have additional assets that can expose your network to more risks and can also impact people’s lives.
- Medical devices are also running legacy or outdated operating systems that are vulnerable to most of the exploits & malware that exist today.
- Healthcare IT & security teams cannot enforce proper security due to the fact that access to medical devices will immediately have an impact on the vendor’s liability. I also haven’t mentioned the fact that most medical IT teams don’t even have a medical device inventory list.
Manufacturing OT Devices:
- Manufacturing networks are connected to the company CORP network directly or behind a firewall with a basic rule set and are easily exposed to malicious threat actors that penetrate the CORP network.
- Most of the manufacturing companies get technical support & maintenance on their SCADA infrastructure through a third-party company (supply chain risk).
- Most of the manufacturing sensors are also running legacy or outdated operating systems that are vulnerable to most of the exploits & malware that exist today.
According to surveys conducted by the Ponemon Institute, 67% of surveyed hospital network security specialists answered “no” or “unsure” when asked if medical device security was on their short list of concerns. More shockingly, about a third of respondents made it clear that they hadn’t even contemplated the issue in their budgeting processes. TrapX Security’s recent Medjack.4 report is proof that multiple medical devices today are controlled by malicious threat actors that use them to exfiltrate PII data or as staging points to attack the rest of the healthcare assets for ransomware purposes.
In addition, cyber-attacks against manufacturers are occurring more frequently.
The complexity of manufacturing networks requires a solution that has zero effect on the network and must be easy to install and maintain due to the lack of the security team’s expertise on the manufacturing sites. You can see how it’s possible in TrapX Security’s Attack Against Manufacturing Devices report.
Unlike consumer IoT devices that can be nice gadgets, medical devices and manufacturing plant sensors have a powerful influence on the lives of many people. We cannot get safe medical treatment if a medical device is compromised; we also cannot be safe if a factory produces products using compromised machines.
The Solution: Diverting Attackers Away from IoT Components
Deception technology addresses this complexity by providing network visibility, easy-to-use passive installation, and high-fidelity alerts.
Deception technology automatically deploys advanced traps that appear to an attacker like IoT components that are typical of the environment. Decoys distributed across the network divert the attack from important assets that cannot cope with attacks and draw attackers to the traps instead.
Such a solution simultaneously prevents real attacks, detects and engages the attacker and gathers data about the attack. Early identification and attack analysis are made possible without any changes to the IoT devices themselves and without tampering with their architecture.
Throughout the world, several large enterprises are already using deception-based cyber defense solutions to protect their IoT networks. Several enterprises have already succeeded in identifying cyber-attacks before any real damage could be done. They were able to identify the attack early, shut it down and bring their systems back to normal operations.
The deception-based solution provides enterprises with visibility into the problem and enables them to significantly improve other internal defenses.