Joshua Knight, Executive Vice President Cyber Defence, Digital14, shares best practices to protect organisations against emerging threats.
Smart Cities are expected to boost lucrative business opportunities for the UAE and the region but it comes at a cost with the Internet of Things (IoT), the technology underpinning these complex and interconnected urban networks, offering a considerably expanded attack surface for cyber adversaries. Despite the capabilities of a Smart City to unlock business potential, they are increasingly vulnerable – with the proliferation of smart and connected devices offering opportunities for cybercriminals.
Across the UAE, Smart City projects are now well underway, with the Global Connectivity Index (GCI), which measures countries’ digital transformation progress, listing the country as number one in the Middle East. IoT is a prominent Smart City technology, more than 25% of attacks against enterprises this year will involve IoT devices, and it is projected that 51 percent of all networked devices will be IoT-enabled by 2022 – with each serving as an entry point for malicious actors.
The entire GCC is susceptible to cyberattacks, with over 42,500 IP cameras potentially vulnerable and almost 8,000 digital video recorders (DVRs) openly exposed to threat actors across the globe. The UAE alone is hit by an average of 304 IoT-based attacks per day, the highest in the region.
There is an underlying need for organisations to adopt a revised approach to protect themselves against new and evolving threats in the new complex landscape of the IoT-enabled smart business. At Digital14, we have identified six best practices that will counter cyberattacks and allow enterprises to thrive in the Smart City environment:
Validate IoT devices before deployment
Those seeking to on-board new IoT devices across their enterprise should test and validate equipment from the vendor through an adequate vulnerability assessment. Routers and IP cameras are among the most vulnerable IoT devices and, although vulnerabilities such as default credentials and outdated software are usually easy to mitigate, they are even easier to detect and prevent during a security assessment before devices are widely deployed.
Segment IoT networks
As IoT devices are often deployed in higher volumes than network infrastructure systems, the attack surface is broadened considerably. IoT devices should be isolated from sensitive consumer and enterprise data. Organisation should consider completely eliminating any connections between the IT and IoT environments that do not pass through a Demilitarized Zone. Ensure that external connections arrive through VPNs with two-factor authentication. A granular, policy-based segmentation ruleset should be developed to actively control which devices communicate with each other.
Monitor device activity
Monitoring IoT devices can be complicated with traditional log management systems, however, most active threats operate over common network protocols, therefore network traffic should be continuously monitored for anomalies. Placing security controls such as an Intrusion Detection System in line with network-segmentation can assist in the early detection of IoT attacks or suspicious activity. Automated asset discovery and a network topology mapping system can regularly scan the network and report its findings for regular auditing, review, and compliance with organisational goals.
Incorporate IoT devices with risk assessment
Although some IoT devices may not carry a substantial impact beyond their function as access points to identify, read, and exfiltrate sensitive data; IoT equipment such as biomedical devices or ICS units could be attacked – with subsequent catastrophic results. Organisations should have a policy and baseline set of controls for classifying and protecting IoT devices taking into consideration threat scenarios, impacts, and risks. IoT devices introduce significant challenges and differing weights within risk-management processes. IoT devices by design, may not support the third-party applications needed for patch management. Firmware must be upgraded immediately when made available by its vendors.
Smart City-enabling technology requires the production and storage of substantial volumes of data. Determining the infrastructure and security controls necessary to safeguard this data before the technologies are deployed will reduce the risk of database exposure. Prior to the launch of new IoT technologies, the sensitivity and location of forthcoming data must be properly incorporated into risk assessments.
Regular audits for cloud providers
Smart Cities’ different components will generate high volumes of data that will require vast quantities of storage, with organisations partnering with cloud providers to fulfil storage requirements. Regular audits to assess the risk of cloud providers are therefore a necessity. Since IoT devices often store sensitive personal information about their users, an accepted cloud computing audit assurance program should be deployed to assess and confirm the policies and controls of all cloud data partners.
Smart Cities will present an array of opportunities moving forward, both in terms of improved business productivity and consumer experience, however organisations must be aware of the potential security weaknesses within their networks. By implementing the above best practices and safeguarding systems, the promised potential of smart cities will inevitably come to fruition in a safe and secure manner.
For further information, download Digital14’s Cyber Resilience Report here.