As digital transformation fuels the proliferation of unmanaged devices across industrial environments, having a strong IoT security program in place has become vital to protect critical infrastructure from cyberattacks.


The Internet of Things, also known as IoT, is a system of interconnected computing devices, mechanical machines, or objects with sensors and software that can transfer or exchange information over a network with no human intervention. IoT security refers to the processes and technologies put in place to prevent or mitigate cyber risks for these devices.

The definition of what constitutes an IoT device varies widely and includes everything from biomedical implants to sensors on manufacturing and electrical equipment. An industrial ecosystem can encompass many different smart devices that collect, send and act on data from their environments. Sometimes, these devices even communicate with each other and act on the information they get from one another. These devices typically share their data via a gateway or other edge device where it is then either sent to the cloud for analysis or analyzed locally. Regardless of whether something is classified as an IoT, OT or IT device, it needs protecting to maintain operational resilience.

The figure below is helpful to understand the differences between the different types of devices.

OT vs. IoT vs. IT devices


Industrial and critical infrastructure operators are rapidly deploying billions of devices to optimize their automation processes using the data provided by these “things”. Unfortunately, this trend is creating new cybersecurity risks, as these devices open up to networks, both public and private. These endpoints have become low-hanging fruit for attackers who want to compromise operational processes and maximize the economic benefits of a cyberattack.

The image below offers a breakdown of how these devices are used in our daily life. Although different organizations use these technologies for different use cases, keeping them cyber resilient should always be a priority. The impact on critical infrastructure environments can be particularly devastating when you consider what might happen if the electric grid was compromised or life-saving devices in a hospital were interfered with.

IoT devices in smart cities


From thermostats and sensors to cameras and process controllers, IoT security challenges lie everywhere, and the theoretical threat has already become reality. In October 2016, the largest DDoS attack in history occurred, the Mirai Botnet Attack. This attack left much of the United States East Coast without internet. Attackers scanned the internet for open Telnet ports, and using default passwords, successfully compromised large swaths of CCTV cameras and routers which were then used as a botnet army.

Variants of this malware still exist today and are being closely monitored by the Nozomi Networks Labs team.

In 2017, hackers used a fish tank thermometer to steal 10 gigabytes of data from the North American casino that had just installed it. Because the fancy thermometer was Wi-Fi enabled, threat actors were able to pull the casino’s database of high rollers across the network and extract it through the thermostat. Ultimately, this device acted as a gateway to the rest of the datacenter, which contained sensitive personal and financial data and applications.

In March of 2021, Verkada, Inc., a security camera company, fell victim to an attack which exposed live feeds of 150,000 surveillance cameras inside hospitals, manufacturing facilities, prisons and schools. The attack was not technically complex. Bad actors used cloud server to gain access to legitimate credentials which allowed them to access the surveillance cameras deployed at thousands of customer sites.


1. IoT Devices Are Typically Unmanaged and Insecure by Design

After an initial deployment, IoT device software is rarely updated, if even possible. This is particularly true of firmware, where many of these vulnerabilities live. Because of this, these devices remain vulnerable to attacks that can easily be prevented for other types of managed devices.

2. Weak Identity and Access Control Measures

The use of default passwords and a lack of strong authentication procedures makes compromising these devices much easier than a managed IT device.

3. Connected IoT Devices Become Easy Entry Points

IoT devices typically connect to an ecosystem that includes business applications, data centers, IT infrastructure, and the cloud. Because they lack strong cybersecurity controls by default, this makes them easy targets for hackers to use for entry into the rest of the network.

4. Lack of Network Segmentation

Large scale industrial internet of things deployments don’t easily lend themselves to the level of network segmentation needed to mitigate cyber threats or prevent the spread of malware.

5. Inability to Install Agent-Based Security Software

The vast majority of IoT devices being released are incapable of hosting software security agents.  We have no problem installing agents on Windows/Mac/Linux based operating systems, however IoT devices have very different and functionally reduced operating systems.  This is generally because they have limited processing and communication capabilities, in addition to not having “space” to install such bulky software.

6. Rogue Deployment of IoT Devices

IoT devices are often deployed without the involvement of IT and/or cybersecurity teams. This can result in devices being located in sensitive or insecure areas of the network, making them much easier compromise because of the lack of additional cybersecurity layers.


Although there is no regulatory body responsible for the cybersecurity of IoT devices, there have been a handful of attempts at the Federal level to strengthen security practices for them. The National Institute of Standards and Technology (NIST) established their NIST Cybersecurity for IoT Program in 2020, whose mission is “to cultivate trust in the IoT and foster an environment that enables innovation on a global scale through standards, guidance, and related tools”, which you can read more about here.

The NIST Cybersecurity Framework (CSF) is a risk-based framework that helps organizations manage and protect their critical infrastructure and data. The CSF provides a common language and set of guidelines for understanding, managing, and communicating cybersecurity risks.

Using the NIST Cybersecurity Framework as a guide, we’ll go through some best practices for IoT device security.

The 5 Functions of the NIST Cybersecurity Framework

1. Identify

Understand the types of IoT devices in use in your organization and their associated risks. This includes determining the types of data that the devices collect and transmit, as well as the potential impacts of a cybersecurity incident.

An asset management mechanism that can track every connected device with real-time data, including zone and network location data, lifecycle, and patch information, is a critical component of this step.

2. Protect

Implement appropriate security controls to protect your network from threats. This includes measures such as a firewall capable of isolating or killing connections that are associated with malware or other anomalies. It can also include security controls like network segmentation, MFA and encryption.

Establish a process for network security engineers to follow to patch the highest risk and most vulnerable assets first, to reduce overall risk exposure and increase resilience.

3. Detect

Implement monitoring and detection mechanisms to identify potential cybersecurity threats and vulnerabilities. This may include network monitoring, log analysis, and security incident and event management (SIEM) systems.

Utilize an industrial network monitoring solution that can integrate with network access control (NAC) products and expose the greatest potential risks in real-time. For example, one that directs the NAC to place critical or vulnerable assets into dedicated VLANs—capable in a DMZ configuration.

4. Respond

Develop and implement a plan for responding to cybersecurity incidents, including procedures for finding and isolating affected devices and systems and communicating about the incident to relevant parties.

Leveraging comprehensive incident response playbooks and tools for forensic analysis can help achieve this quickly and efficiently.

5. Recover

Plan and exercise business continuity strategies for recovering from cybersecurity incidents, including procedures for restoring affected systems and processes and mitigating any potential impacts.

Other best practices include collaborating with industry partners and government agencies to share information about cybersecurity threats that affect IoT devices and continuously reviewing and improving your cybersecurity procedures to ensure they’re effective and aligned with the evolving threat landscape.

Nozomi Networks

VNCS Global is the distributor of Nozomi Network – the perfect partner to open up comprehensive monitoring of OT and IoT infrastructure to help businesses accelerate security and digital transformation.
☎️Phone: (+84) 2462911419