Three Ways to Protect Unfixable Security Risks
How can a hospital protect an MRI machine with an unchangeable password and still connect it to the network? How can an industrial recycler safely secure its $400,000 hard drive recertification rack with control software that only runs on Windows XP?
These are not uncommon risks. The devices themselves can’t be secured, but that doesn’t mean we can’t use basic IT techniques to reduce our security risks. We will examine three options that can help protect the vulnerable devices: network segmentation, a hard-wired partner, and virtual machines. However, before we dig into the technologies, let’s first examine why we need them.
The Scope of the Unfixable Device Problem
Many organizations find themselves with very expensive, very vulnerable devices that cannot be replaced. These devices have critical vulnerabilities, yet they still need to connect to the network to exchange data or for remote control.
Industries with very expensive operational technology (OT) and Internet of Things (IoT) devices, such as healthcare or industrial manufacturing, can be especially vulnerable. Many of these critical devices require obsolete operating systems, have hard-coded passwords, or have other equally dangerous security weaknesses.
As recently as 2020, 83% of medical imaging devices ran on operating systems that no longer receive updates. A report from this year estimates that 53% of connected medical devices have an identified critical risk. This includes 73% of IV pumps and most laboratory devices.
Although the number of hospitals applying solutions such as network segmentation continues to grow, researchers estimated that fewer than half of the hospitals in the United States had begun the process. The worldwide numbers will be even worse.
Of course, healthcare providers have plenty of company in their vulnerable state. Researchers estimate that:
- 40% of industrial sites have at least one direct connection to the internet with at least one Industrial Control System (ICS) device exposed
- 84% of sites have at least one remotely accessible device
- 53% of industrial sites maintain obsolete Windows operating systems such as Windows XP
- 57% of ICS sites do not run automatically updating antivirus protection
3 Ways to Defend Unprotected Devices
Millions of devices and thousands of organizations, big and small, have unprotected vulnerabilities waiting for a hacker to find them. Fortunately, we don't have to just wait for the problem to explode. We can apply traditional IT technology to isolate and protect many of these devices that cannot be made secure on their own. Here are three ways to make unfixable devices more secure.
Network segmentation originated with separately wired network segments, back when physical offices had different equipment on every floor and switches had more limited capacity. Today, segmentation can also be defined in software and no longer has to rely on wires and switches.
Researchers estimate that 90% of healthcare IoT critical risks can be addressed by network segmentation. Network engineers use network segmentation rules to restrict sections of the network to specific users, security controls, or devices.
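As an added illustration (not code from the original article), the sketch below audits observed network flows against a default-deny segmentation policy for a segment holding a device that cannot be patched. All segment names, addresses, ports and flow records are constructed assumptions.

```python
import ipaddress

# Constructed policy: every segment name, address and port here is an assumption.
SEGMENTS = {
    "legacy_imaging": ipaddress.ip_network("10.20.30.0/28"),    # unfixable device
    "imaging_archive": ipaddress.ip_network("10.20.40.10/32"),  # data exchange peer
    "admin_jump": ipaddress.ip_network("10.20.50.5/32"),        # remote control host
}
PROTECTED = "legacy_imaging"
# Allowed flows as (source segment, destination segment, protocol, dest port).
ALLOW = {
    ("legacy_imaging", "imaging_archive", "tcp", 104),
    ("admin_jump", "legacy_imaging", "tcp", 3389),
}

def segment_of(addr):
    """Return the name of the segment containing addr, or 'other'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "other"

def violations(flows):
    """Return flows crossing the protected segment's boundary with no allow rule."""
    bad = []
    for src, dst, proto, dport in flows:
        s, d = segment_of(src), segment_of(dst)
        # Skip flows that never touch the protected segment or stay inside it.
        if PROTECTED not in (s, d) or s == d:
            continue
        if (s, d, proto, dport) not in ALLOW:
            bad.append((src, dst, proto, dport))
    return bad

# Constructed flow records, e.g. as exported from a firewall or flow collector.
SAMPLE_FLOWS = [
    ("10.20.30.4", "10.20.40.10", "tcp", 104),     # allowed: device to archive
    ("10.20.50.5", "10.20.30.4", "tcp", 3389),     # allowed: jump host to device
    ("10.20.30.4", "203.0.113.9", "udp", 53),      # device reaching outside
    ("192.168.1.77", "10.20.30.4", "tcp", 3389),   # workstation bypassing jump host
    ("192.168.1.77", "10.20.40.10", "tcp", 443),   # unrelated to protected segment
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("segmentation violation:", flow)
```

Any flow this reports means the segmentation rules are either missing or not being enforced where the traffic was observed.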