Font Size: A A A

Home > News > Interviews > New endpoint threat


New endpoint threat

This Christmas will see something like one in three Brits send their friends and family ‘smart’ gifts. It’s proof if any were needed of the huge impact the Internet of Things (IoT) is already having on our lives, writes John Ferron, CEO of security software company HEAT Software.

But while the benefits are immense, so are the risks. The Mirai botnet has proven just how poorly secured many consumer-grade smart devices are – and the impact this can have on organizations. As more and more of us bring our devices into the workplace, there’s a real fear that security professionals will simply not be able to cope with the deluge, exposing their organisation to countless threats. The only way to tackle this new endpoint threat is to improve IT-Security collaboration and equip the service desk with a unified set of automated security and management tools. From there we can finally gain effective visibility and control over all IT assets – the vital prerequisite to locking down risk.

A wake-up call

Mirai should serve as a wake-up call to security professionals everywhere of just how insecure consumer-grade IoT gear is. The malware in question simply scanned for home routers, IP security cameras and the like still using factory default log-ins, before recruiting them into a botnet. Mirai-based IoT botnets like this have caused headline grabbing outages over the past few months, most notably at DNS provider Dyn, which took major internet companies like Spotify and Twitter offline.
The point is that Mirai seems to be having no trouble in recruiting insecure IoT devices. Most recently Post Office, TalkTalk and KCOM customers found their home routers misbehaving as the result of an attack. Many manufacturers are rushing this gear to market without adequate checks. And many users appear to be unwilling or unable to deal with the consequences.

In the enterprise

The impact of Mirai on organisations has primarily been DDoS attacks causing key outages. But as more of your employees bring their smart devices to work, the risks multiply. Quocirca estimates suggest the average organisation is currently managing around 7,000 IoT devices. Even that may be on the conservative side, with some analysts claiming there’ll be over 30 billion connected ‘things’ online worldwide by 2020. Now ,empowering your mobile workforce with digital technologies is of course essential to drive a competitive edge, improving productivity and worker satisfaction. But it can also introduce serious security risk.

Each and every new connected endpoint in your organisation represents a potential avenue of attack for remote hackers. Consider how many home devices shipped with security flaws which made it easy for Mirai to compromise them, such as their failing to require users to change factory default log-ins on start-up. It’s not hard to believe they might also be carrying more serious software vulnerabilities. One firm discovered over 16,000 new software bugs in 2015 – not including IoT kit.
The result? A whole new category of exposed endpoints which could allow attackers to infiltrate the corporate network for data stealing operations, to deliver ransomware, or commit other nefarious activity. The impact on your organisation could be immense. Industry fines, damaged reputation, and remediation and clean-up costs are just the beginning. And with the European General Data Protection Regulation (GDPR) set to levy huge fines of up to 4% of global annual turnover for serious breaches, it’s time to take action.

Time to act

Forget trying to turn the clock back and prevent adoption of these new IoT devices in the organisation. That ship has sailed. Doing so will only lead to more risk as users look to circumvent controls in what has become known as “shadow IT”. The first challenge, therefore, is to discover what endpoints you have in the organisation. A shocking 65% of firms across Europe have little or no visibility. The service desk is arguably best placed to lead this effort, so arm it with effective IT asset management tools as part of a unified approach to endpoint security and management. Next, make sure those traditional siloes between IT and security are broken down. That will ensure any issues picked up by the service desk – which is in the perfect place to spot and connect incidents which may indicate a wider attack on the organisation – are escalated to security teams.
The best approach is one combining multiple layers of protection. Traditional tools like AV and firewalls are fine for commodity threats but not enough to spot modern attacks. Start with comprehensive patch management to fortify endpoints against known threats. And then complement this with app whitelisting to block zero day threats by ensuring nothing unsanctioned can run on the network. Add device control for USBs and removeable media; encryption to keep data safe wherever it is; and finally, enterprise mobility management to ensure policies are enforced on every device.

The key to effectively managing and securing a fleet of endpoints growing all the time thanks to the Internet of Things is through automated tools like the ones above. Because as smart device volumes explode over the coming years this will be the only way to stay on top of things with limited human IT resources at your disposal. With this structure in place there’s nothing to stop IT and security teams working in harmony to ensure the IoT is a competitive differentiator for your company, not a major security risk.


Related News