Last Updated on August 31, 2020
Ever heard the story of the casino database hacked via its Internet of Things (IoT) enabled fish tank? It sounds like science fiction, but it turns out it’s true. International Data Corporation (IDC) estimates that there will be 41.6 billion IoT devices by 2025. As the number of IoT devices in our lives keeps growing, IoT risk management practices are not keeping up with the increasing level of risk.
So how can you protect your organization from IoT device-related risks? Here are 4 quick tips to help you manage IoT risks:
1) Ensure IoT Risk Management is integrated into your organization’s Enterprise Risk Management (ERM) function.
Typically, organizations with an ERM program include communication and visibility at the board or executive level. IoT risks are continually increasing and executive leadership needs to be aware of these risks so they can support your risk management efforts. If it’s out of sight, it’s typically out of mind…
2) Develop a formal IoT Policy and assign responsibility for IoT management.
Establishing a formal IoT Policy and assigning the accountability and responsibility for IoT device oversight is essential. You should establish rules that require approval before IoT devices can connect to your organization’s network and that do not allow unsecured IoT devices under any circumstances. These devices should be placed on segregated networks and monitored by your organization’s endpoint software (if capable).
3) Update and maintain your asset inventory with IoT devices.
Many organizations have no idea whether they have IoT devices within their environment. You can’t protect something if you don’t know whether it exists. Many tools can help you discover and identify these devices on your network. Once these IoT devices are identified, you also need to ensure that they are included in your asset inventory and managed accordingly.
4) Improve your risk assessment practices by identifying IoT device risks.
IoT devices bring increased levels of complexity and capability that pose an increased level of risk to your organization. With this increased complexity, it is imperative that you improve your risk assessment practices. You should update third-party risk management (TPRM) questionnaires and vendor contract language to include risks related to IoT security. You may also want to update your incident response plans to account for scenarios involving unsecured IoT devices.
The four tips outlined above barely scratch the surface. There are many additional aspects to consider to properly manage the risk associated with IoT devices.
If you need help with IoT Risk Management, contact Pivot Point Security today to speak with an expert about your needs and how we can help.