How deception technology helps to protect against IoT attacks

How Deception Technology Helps to Protect Against IoT Attacks

Carolyn Crandall, Chief Deception Officer at Attivo Networks

Securing both business and operation technology (OT) networks effectively against cyber threats is a constant challenge. It requires a multi-layered approach, with strong external-facing defenses, backed up by further internal threat detection measures to mitigate any attacks that penetrate the network.

As cyber criminals up the ante to capitalize on security vulnerabilities, one area of particular concern is the protection of an ever-growing list of connected devices. IoT devices, in particular, are notoriously difficult to protect from external actors comprehensively.

The use of deception technology is emerging as an essential component in a multi-layered security strategy to control the path and derail the efforts of attackers without disrupting operations.

IoT has never been more important

The recent pandemic has highlighted how embedded IoT now is to our way of life. Lately, connected devices have played a critical role in helping to slow the spread of coronavirus and treat those that it affects. IoT devices, for example, are helping to notify people if they have come into close contact with someone showing COVID-19 symptoms, as well as aiding health authorities to track the spread. Healthcare providers are using the technology to monitor and treat patients, while researchers rely upon it for developing treatments and vaccines.  In the workplace, connected devices will help to minimise the risks of passing on the virus, with new advancements in contactless entry, elevated temperature sensors, and on-premise contact tracing.

In short, the consequences of COVID-19 could have been exponentially worse without IoT devices. As a society, we grow increasingly reliant upon IoT for services and to help us manage and improve the safety and security of the population, a fact that cybercriminals are using to their advantage.

IoT devices under attack

Securing connected devices against external threats can present a challenge. It is not always possible to load security software onto these systems and they may be running on old firmware that is not patchable. There is also the issue, particularly in the case of medical IoT devices, that the organization is not allowed to modify them for safety reasons as it could alter operating behaviours.

Even when it is possible to update IoT software, the logistics of doing so are problematic. Organization that run critical systems – healthcare, utilities, and so on – operate their connected devices 24/7, often making it hard to locate these devices, collect them and take them offline for security maintenance.  For instance, in a large hospital, it may pass continually from patient to patient, and one would not want to force a security patch without confirming it would not impact patient care.

Additionally, when an organization is operating several thousand IoT devices, it may view using default passwords for each IoT device as a convenience to make it easier for users or engineers to connect to multiple devices in a single day, yet there are clear security implications.

Cyber attackers have shown, especially in the last few months, that no target is off-limits. They have attacked the IT systems of healthcare facilities treating the sick, as well as those of researchers working on vaccines for COVID. They will look for any way into a system that offers the path of least resistance. In some cases, this might be via an IoT device.

One further challenge for businesses is segmenting IoT or OT networks from their IT networks. IT and OT networks used to be air-gapped so that infections in the IT network would not get onto the OT network and cause damage to critical infrastructure. However, digital transformation has resulted in interconnected IT and OT networks. As a consequence, there are thousands of devices on the IT network that have little protection and present an opening for threat actors to get in.

How deception can have your back

Using security controls to prevent unauthorised access to a network is an effective first line of defence. However, a persistent and dedicated attacker will likely find a way through. Once inside the network, gaining full visibility of how and when the attacker penetrated the network can prove challenging.

One way to address these inherent challenges and detect an attack swiftly is with deception technology. Organization deploy decoys and lures that look like genuine IoT assets to deceive the attacker and pair them with other forms of misdirection that lead the attacker away from real assets by serving them with false information. Touching just one of these decoy assets reveals the attacker’s presence, notifying the security team as soon as anyone interacts with them. These deceptive assets lead the adversary further away from anything of real value, protecting genuine assets while they waste time in a decoy environment. At the same time, the deception engagement servers record their tactics, techniques, and procedures (TTPs) to help inform defensive measures further, gathering valuable intelligence such as the vulnerabilities and exploits that attackers are using.

The IoT and connected devices promise to bring enormous benefits as we all adapt to a “new normal” way of living and working. Protecting them against threat actors will be critical to the success, safety, and security of the IoT operations and prevent them from being a danger to the well-being of humans. A multi-faceted approach that includes visibility and deception is an effective way to boost security, deterring threat actors, and forcing them to review both their presence and tactics.

About the Author

Carolyn Crandall authorCarolyn holds the roles of Chief Deception Officer and CMO at Attivo Networks.  She is a high-impact technology executive with over 30 years of experience in building new markets and successful enterprise infrastructure companies. She has a demonstrated track record of effectively taking companies from pre-IPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Carolyn is recognized as a global thought leader in technology trends and for building strategies that connect technology with customers to solve difficult operations, digitalization, and security challenges. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based cybersecurity infrastructure to one of an active security defense based on the adoption of deception technology.

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.