Mitigate IoT security risks by controlling the AoIT (Access of Internet Things)

Regardless of the entry method, any IoT machines, the unpatched medical devices, the BYOD's, the printers , ect...when hackers steal personal private info from companies and governments, it requires that they obtain and exploit the credentials of privileged users. With the never ending growth in the IoT, how can enterprises protect themselves from the inevitable hacking attempts on their networks?

Centralized, granular controls over privileged access to all sensitive IT assets, with defined SSH access routes included in the authentication process would mitigate many of the risks associated with the growing number of IoT devices throughout our homes, communities, and workplaces. For example, a properly configured software solution like BoKS ServerControl , could actually eliminate all elevated access rights from any number or whole sets of

machines, or  types of machines by model or make, machines with certain IOS versions, ect....

People must remember or perhaps learn for the first time, that in the case of hacks involving the theft of private personal or commercial information , in order to get at the information of value, perpetrators must eventually exploit privileged user credentials so they can elevate their access rights.

This is a FACT 100% of the time. There few things in this world that are 100% of the time, this is one of them. It's the single method used by hackers to ACTUALLY gain entry to the information that is valuable enough to steal and important enough for companies to protect. 

In fact, I often hear people saying, even those in the infosec industry , that malware, phishing scams, stealing sys admin credentials, ect... are all essentially similar but different tools used by hackers to steal for example, 4.5 million personal medical records from a a major insurance company. The truth is, at best, this is a misleading and potentially dangerous view of how an actual data breach can occur.

To demonstrate my point, let me try the analogy of hackers stealing 4.5 million medical records to bank robbers stealing $4.5 million from a bank vault.

Bank robbers, like hackers, can use several different tools to get "into" the bank. Things like a saw, sledge hammer, or a screwdriver, for example, could all be tools used by bank robbers to get into the bank building. In fact, tools like malware and phishing scams can indeed be characterized much like the saw or sledgehammer used in a bank robbery, and allows the robbers to gain entry into the lobby of the bank.

However, the privileged credentials are an altogether different tool. When a hacker finally gains control over a privileged user's credentials, that's no screwdriver people. That's the 10 lbs of C4 the bank robbers use to blow off the vault door! Yes... all are common tools used in a bank robbery, but there is only 1 required to get the actual money. It''s the same with privileged user credentials, it lets hackers blow the bank vault door off and get the cash.

Screwdrivers and even sledgehammers much like phishing scams and malware, in themselves, don't have anything to do with getting the vault door off....it simply got them inside the bank lobby and in front of the vault door. Not any further. That's going to require a bit more firepower!