compromise than managed IT devices. Attackers frequently exploit default and predictable passwords to access smart devices, which can then be used to target other critical devices and networks. Recent regulations announced by the UK Government aim to address this issue by banning manufacturers from using weak, easily guessable default passwords. But while this is a significant step towards eliminating “insecure by design” devices, it is not enough to protect IoT environments from penetration.

Another reason for IoT environments having weak resilience is that IoT devices typically connect to an ecosystem that includes business applications, data centers, IT infrastructure, and the cloud. Their inherent lack of robust cybersecurity controls makes them attractive targets for hackers seeking entry into broader networks. Moreover, large-scale industrial IoT deployments do not easily accommodate the level of network segmentation required to mitigate cyber threats or prevent malware spread. Most IoT devices also lack the capacity to host software security agents due to their limited processing and communication capabilities, as well as insufficient space for such software.

Finally, IoT devices are often deployed without the involvement of IT or cybersecurity teams. This can lead to devices being placed in sensitive or insecure areas of the network, making them easier to compromise due to the absence of additional cybersecurity layers.

Keep in Mind: Security Guidelines

Companies operating critical infrastructure must adhere to certain OT and IoT security guidelines and best practices to mitigate cyber risk.

First, it's essential for companies to understand the types of IoT devices used within their organization and the associated risks, and to make sure that every device is accounted for. This involves identifying all the devices communicating on the network (including devices connected wirelessly), understanding the data these devices collect and transmit, and understanding the potential impacts of a cybersecurity incident. An integral part of this step is implementing an asset management mechanism that can track every connected device with real-time data.

Second, organizations should take steps protect their networks from threats by deploying suitable security controls. This includes measures capable of isolating or terminating connections linked to malware or other anomalies. It also encompasses network segmentation, multi-factor authentication (MFA), and encryption. Companies should establish a process to understand the most critical assets and to prioritize patching the highest risk and most vulnerable assets first to reduce overall risk exposure and increase resilience.

Implementing monitoring and detection mechanisms is another crucial step for companies to identify potential cybersecurity threats and vulnerabilities. These mechanisms could involve network monitoring, log analysis, and security incident and event management (SIEM) systems. Utilizing an industrial network monitoring solution that integrates with network access control (NAC) products can expose significant potential risks in real-time.

Next, companies need to develop a plan for responding to cybersecurity incidents. This includes procedures for isolating affected devices and systems and communicating about the incident to relevant parties. Comprehensive incident response playbooks and forensic analysis tools can aid in achieving this swiftly and efficiently. Finally, planning and practicing business continuity strategies for recovering from cybersecurity incidents is vital. This includes procedures for restoring affected systems and processes and mitigating any potential impacts.

In addition to these steps, companies should collaborate with industry partners and government agencies to share information about cybersecurity threats affecting IoT devices. Regularly reviewing and enhancing cybersecurity procedures to ensure they remain effective against the evolving threat landscape is also recommended. Critical infrastructure organizations should prioritize proactive defense strategies that include network segmentation, asset discovery, vulnerability management, patching, logging, endpoint detection, and threat intelligence. There is also a growing need for actionable asset and threat intelligence that can be used by different stakeholders within an organization such as IT teams, compliance officers, and risk managers who may have different perspectives on security issues.