Approximately six or seven years ago Nozomi Networks expanded into servicing the IoT industry as an “explosion” in devices deployed by their customers represented significant challenges, said John Golden, Regional Director, who spoke to IoT Insider at the latest edition of IoT Tech Expo Global.
“Six or seven years ago we moved more into IoT … some of our customers had a number of challenges that they needed to fix. The first challenge was how do we identify those assets and how do we understand the vulnerabilities and secure those assets from threats,” Golden explained.
The protocols behind IoT and OT environments are different, but for Nozomi Networks, Golden said, years of dealing with different protocols and building up a library of them, so to speak, helped them to approach the world of IoT. “We’ve built a library of understanding and importantly, an integration into those protocols.”
“IoT may be more focused around building management, such as heating, ventilation, air conditioning, CCTV,” Golden continued, “whereas OT is typically more focused on production systems in manufacturing or substations within gas, electrics, water companies and utilities.”
Current estimates place IoT devices in the realm of 17 billion deployed globally, and it is only forecast to grow, which presents both challenges and opportunities.
“The scary thing with IoT is a number of these systems have been deployed for many years, on an ad hoc basis, and these systems typically have no or very little security out of the box,” said Golden, crediting a move towards digitalisation as being another push for securing different, connected assets.
“Legacy wise, they don’t understand where those assets are or what they do,” he said. “We help customers [to] understand assets, give them full visibility. We help them to understand the vulnerabilities.”
An infamous example those working in the cybersecurity space like to provide that warns of how connected devices increase the attack surface and, in some cases, are not regarded as a security risk, is the smart thermometer in a fish tank in a casino. In 2017, cyber attackers gained access to a casino’s database by exploiting a fish tank thermometer to get into the network.
“Organisations are adopting IoT to help them achieve operational and financial efficiencies through digitalisation,” said Golden, “[but] what they’re doing is increasing their attack surface, which means they’re more exposed to threat actor groups. If these products don’t have the right levels of security then they are at risk.”
Golden had a couple of key recommendations of how businesses could approach securing their devices and networks.
The first was to start with understanding the assets you have out in the field. “You can only secure what you know about. If you don’t have complete visibility, then there are gaps.”
The second recommendation was to understand the vulnerabilities associated with existing assets. “At that point, you’ll have a really good understanding of your risk profile,” he concluded.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.
