One of the most notorious, and damaging, cyber attacks in recent years was the 2013 attack on Target, which enabled the hackers to gain access to data on 70 million customers.
How they did it has become the stuff of cyber security legend: they gained access to login credentials given to a company that maintained Target’s HVAC systems and, subsequently, to Target’s point of sale devices, from which they extracted the customer data as cards were being swiped. A solid network segmentation policy might have prevented the breach.
“What would have happened if Target’s HVAC vendor’s credentials didn’t even allow them near customer data on the network? What if the user had been contained to just the segment of the network containing systems they needed to manage the HVAC systems?”
Others clearly did not learn from Target’s experience. In December 2015 three Ukrainian energy companies were hacked and 225,000 customers lost power. The attack started with an employee falling for a spear phishing e-mail. According to an analysis of the incidents by the Electricity Information Sharing and Analysis Center (E-ISAC) and the SANS Institute, the attackers then used stolen credentials to “pivot into the network segments where SCADA dispatch workstations and servers existed.” The report’s number one recommendation was that networks be segmented from each other.
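The question raised above about the HVAC vendor can be checked mechanically. The following is an added example, not code from the original article: it treats a segmentation policy as a set of allowed segment-to-segment flows and reports any chain of flows that lets an untrusted segment reach a protected one. The segment names and the three sample policies are constructed, and it assumes that a compromised segment can use every flow that segment is allowed.

```python
from collections import deque

# Constructed sample policies: each entry lists the segments a source segment
# may open connections to. Segment names are hypothetical.
FLAT = {  # everything can talk to almost everything
    "vendor_vpn": {"hvac", "corp", "pos"},
    "hvac": {"vendor_vpn", "corp", "pos"},
    "corp": {"hvac", "pos"},
    "pos": {"corp"},
}
LEAKY = {  # vendor is confined to hvac, but hvac still reaches corp
    "vendor_vpn": {"hvac"},
    "hvac": {"corp"},
    "corp": {"pos"},
    "pos": set(),
}
SEGMENTED = {  # default deny: only the flow the vendor actually needs
    "vendor_vpn": {"hvac"},
    "hvac": set(),
    "corp": set(),
    "pos": set(),
}

def pivot_path(policy, source, target):
    """Return the shortest chain of allowed flows from source to target, or None."""
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(policy.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def audit(policy, untrusted, protected):
    """Map each reachable (untrusted, protected) pair to its path; {} means isolated."""
    findings = {}
    for src in untrusted:
        for dst in protected:
            path = pivot_path(policy, src, dst)
            if path:
                findings[(src, dst)] = path
    return findings

if __name__ == "__main__":
    for name, policy in [("flat", FLAT), ("leaky", LEAKY), ("segmented", SEGMENTED)]:
        print(name, audit(policy, ["vendor_vpn"], ["pos"]) or "vendor cannot reach pos")
```

The LEAKY policy is the case worth noticing: the vendor has no direct flow to the point of sale segment, yet the audit still finds a path through two intermediate segments.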
Is Network Segmentation a Cure-All?
When it comes to network security, segmentation is really a no-brainer. Forrester in its TechRadar report Internet of Things Security, 2017, says: “it’s part and parcel of secure network practice to limit the extent of any cyber intrusion.”
That includes IoT networks. The main difference between traditional networks and IoT networks is scale. According to Forrester, “The ability to segregate networks is dependent on size of IoT network and capability of connected devices. Network segmentation can have scalability, complexity and administrative challenges, which organizations need to account for in order for these deployments to deliver value.”
For this reason, although network segmentation is well established in general network security practice, Forrester rates it as having only low business value for IoT and as being at the early survival stage in its evolution. If administrative and scalability challenges can be met at reasonable cost: “expect the space to explode.”
“If it cannot be seen or accessed, then it cannot be hacked”:
Although IoT brings major connectedness with it, the same connections can be exploited for nefarious purposes too. You need a solution that helps establish a solid trust-based framework with granular access and privilege policies to segment different IoT devices based on criticality of purpose and context. Network segmentation can help minimize or avoid the cost of security breaches for organizations.