
Chagnon also encouraged extensive use of port locks that require a key, and some type of tamper-evident tape over chassis and ports. “Security sweeps should include looking for extra wires, unauthorized USB hubs, or small boxes that don’t match the asset inventory,” he added. “If a door to a restricted area is opened and a new, unknown device simultaneously appears on that local switch, the SOC should receive a high-priority correlated alert.”
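The correlated alert described above can be sketched as follows. This is an added example, not code from the article or from anyone quoted in it; the event field names, the door-to-switch mapping, the 120-second window and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# All values below are constructed sample data, not from the article.
ASSET_INVENTORY = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # known MACs
DOOR_TO_SWITCH = {"door-mdf-1": "sw-mdf-1", "door-lab-2": "sw-lab-2"}
WINDOW = timedelta(seconds=120)  # assumed reading of "simultaneously"

DOOR_EVENTS = [  # badge reader log
    {"ts": "2024-05-01T02:14:05", "door": "door-mdf-1", "badge": "B-1042"},
    {"ts": "2024-05-01T09:00:00", "door": "door-lab-2", "badge": "B-2001"},
]
SWITCH_EVENTS = [  # MAC-learned notifications from access switches
    {"ts": "2024-05-01T02:15:10", "switch": "sw-mdf-1",
     "port": "Gi1/0/12", "mac": "DE:AD:BE:EF:00:01"},
    {"ts": "2024-05-01T09:00:30", "switch": "sw-lab-2",
     "port": "Gi1/0/3", "mac": "00:11:22:33:44:55"},
    {"ts": "2024-05-01T13:00:00", "switch": "sw-mdf-1",
     "port": "Gi1/0/20", "mac": "de:ad:be:ef:00:02"},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def correlate(door_events, switch_events, inventory, window=WINDOW):
    """Alert on MACs missing from the inventory; raise the priority when a
    door to the area served by that switch opened within `window` before."""
    alerts = []
    for sw in switch_events:
        mac = sw["mac"].lower()
        if mac in inventory:
            continue  # device matches the asset inventory
        seen = _ts(sw)
        doors = [d for d in door_events
                 if DOOR_TO_SWITCH.get(d["door"]) == sw["switch"]
                 and timedelta(0) <= seen - _ts(d) <= window]
        alerts.append({
            "priority": "high" if doors else "medium",
            "switch": sw["switch"], "port": sw["port"], "mac": mac,
            "badges": [d["badge"] for d in doors],  # who opened the door
        })
    return alerts

if __name__ == "__main__":
    for alert in correlate(DOOR_EVENTS, SWITCH_EVENTS, ASSET_INVENTORY):
        print(alert)
```

An unknown device with no matching door event still produces a medium-priority alert, so a device planted while the door was propped open or tailgated is not silently dropped.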
Forrester Senior Analyst Paddy Harrington said that many enterprise security executives “forget how susceptible these things are to attack” and specifically pointed to IoT and OT devices as prime targets. Too many security people, Harrington said, are looking at what shadow devices, such as fitness trackers, are supposed to do, and not focusing on the access the device could get as the start of a backdoor attack.
“You shouldn’t be able to walk up to an Ethernet port and plug in anything. That device needs to be authenticated,” Harrington said, adding that he estimates that 50% of all enterprises cut too many corners on device security. “Why should any IoT lightbulbs have access to financial data?” he asked.
