Why Your Network Perimeter is Expanding, and How to Beat It
The past 10 years have seen many IT trends come and go - but the Internet of Things (IoT) is one that's here to stay, and with it, "perimeter creep" has become a major risk factor for organizations struggling to thrive in today's volatile cyber landscape.
Coupled with a shift towards remote and hybrid work, organizations are handling more endpoints both within and outside their local network perimeter than ever before. For cyber actors, this represents an expanded opportunity to target your IT infrastructure and workforce, making it a serious cybersecurity concern for businesses in 2023.
So how can you protect your organization in the face of constantly multiplying attack surfaces, and keep your sensitive business assets out of the hands of cyber actors? In this article, we'll explain.
How IoT Growth Drives Risk
The Internet of Things is steadily growing with every passing year - with the end of 2022, the world has over 14 billion connected devices, with the IoT market projected to hit $104.4 billion in 2023. Unfortunately, IoT devices cause risk in many ways.
- Poor vendor practices often leave IoT devices unprotected by design. For instance, many IoT devices do not require users to change their default password, come bundled with software vulnerabilities, and do not receive frequent updates.
- Users often bring IoT - such as connected printers and appliances - into the workplace without the permission of their IT team. This contributes to the growing problem of shadow IT, leaving administrators unable to monitor or protect endpoints.
- Industrial environments - including manufacturing and critical infrastructure - increasingly use industrial IoT (IIoT) within their network perimeter, providing an attractive target for malicious actors.
How Remote Employment Exacerbates the Problem
Remote employment and hybrid workplaces have risen steadily since 2020, with 32.6 million U.S workers expected to be working from home by 2025. Exacerbating the security risks associated with IoT, remote workers often connect their own devices to an organization's network, without the protection of enterprise firewalls, VPNs or other security measures.
According to one report, 49% of teleworkers use privately owned computers and laptops which are not managed by their organization. Not only do these add additional endpoints which malicious actors can use to penetrate your organization, but they also provide opportunities to target employees with phishing and other social engineering attacks.
Managing Your Expanded Perimeter
When faced with new cyber challenges, organizations must be prepared to adapt in many ways. The best approach to today's extended network perimeter combines better organizational and technological practices.
- Practice Third-Party Vendor Risk Management
To avoid common vulnerabilities in IoT products, organizations should practice third-party vendor risk management: this means vetting manufacturers during the product acquisition phase for quality control, industry reputation, customer feedback and business practices among other things.
The best IoT vendors will have a reputation for including strong security controls in their products, responsive customer support and frequent software updates that include patches for vulnerabilities. The same principle applies to third-party apps and software that augment IoT functionality.
- Apply NIST Security Controls
The National Institute of Standards and Technology (NIST) has published several useful resources to help businesses manage IoT security risk more effectively. In particular, special publication (SP) 800-213 provides guidance for identifying IoT security needs in your business environment.
The document guides readers through assessing risk and determining relevant security controls for different levels of risk impact. It also directs readers to other NIST publications for further guidance depending on device type and use case.
Ultimately, many of the security practices organizations are accustomed to applying from NIST 800-171 and 800-53 also apply to IoT devices. Meanwhile, NIST's IoT Cybersecurity Capabilities Catalog provides a guide to essential security features in off-the-shell IoT devices.
- Train Your Employees
Employees should be made aware both of the dangers associated with unauthorized IoT devices, and with devices used outside your on-premise network. Before introducing any new Internet-connected surface, they should communicate with IT to ensure the device can be vetted, approved and monitored for safety.
Remote employees should only connect to your network through devices dedicated to that purpose, using multi-factor authentication (MFA) when possible and alphanumeric passkeys to prevent unauthorized access. They should also be trained to recognize and avoid social engineering attacks which may target them through the Web, email, apps and social media networks.
- Consider XDR/EDR Solutions
In response to risk arising from the proliferation of remotely connected devices, consider implementing an extended detection and response (XDR) or endpoint detection and response (EDR) solution. These technologies provide real-time monitoring of your network and endpoints, alerting you to potential threats and allowing you to respond quickly and effectively to prevent or mitigate damage.
XDR/EDR solutions also provide centralized management and visibility which enables rapid decision making along with the ability to view your extended network at a glance. By giving administrators one central location to update software across connected devices, identify vulnerabilities and change security settings, XDR/EDR solutions ensure that fewer threats fall through the cracks.
At Epoch Concepts, we design, source and integrate solutions to empower our customers. From storage to infrastructure, cybersecurity and cloud solutions, we architect fully customizable IT solutions and offer continual customer support, seeking to align IT strategy with your unique business requirements. When it comes to composable and next-generation technologies, we are here to help you every step of the way. Contact us to learn more.