Menu

IoT FEATURE NEWS

New Research Unveils Corporate Losses from IoT Security Missteps

By

A new study from DigiCert, a provider of TLS/SSL, PKI and IoT security solutions, reportedly reveals that enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the Internet of Things (IoT) into their business models. In fact, among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years.

The survey was conducted by ReRez Research in September 2018, with 700 enterprise organizations in the US, UK, Germany, France and Japan from across critical infrastructure industries.

Security and privacy topped the list of concerns for IoT projects, with 82 percent of respondents stating they were somewhat to extremely concerned about security challenges.

“Enterprises today fully grasp the reality that the Internet of Things is upon us and will continue to revolutionize the way we live, work and recreate,” said Mike Nelson, VP, IoT Security, DigiCert. “Securing IoT devices is still a top priority that many enterprises are struggling to manage; however, integrating security at the beginning, and all the way through IoT implementations, is vital to mitigating rising attacks, which can be expected to continue. Due diligence when it comes to authentication, encryption and integrity of IoT devices and systems can help enterprises reliably and safely embrace IoT.”

To give visibility to the specific challenges enterprises are encountering with IoT implementations, respondents were asked a series of questions using a wide variance of terminology.

Respondents were asked about IoT-related security incidents their organizations experienced within the past two years. The results indicate that companies struggling the most with IoT implementation are much more likely to get hit with IoT-related security incidents. The companies having the most difficulty were:

  • More than six times as likely to have experienced IoT-based Denial of Service attacks
  • More than six times as likely to have experienced Unauthorized Access to IoT Devices
  • Nearly six times as likely to have experienced IoT-based Data Breaches
  • 4.5 times as likely to have experienced IoT-based Malware or Ransomware attacks

The top five areas for costs incurred within the past two years were:

  • Monetary damages
  • Lost productivity
  • Legal/compliance penalties
  • Lost reputation
  • Stock price

“When it comes to accelerating implementations of IoT, it’s vital for companies to strike a balance between gaining efficiencies and maintaining security and privacy,” Nelson said. “This study shows that enterprises that are implementing security best practices have less exposure to the risks and resulting damages from attacks on connected devices. Meanwhile, it appears these IoT security best practices, such as authentication and identity, encryption and integrity, are on the rise and companies are beginning to realize what’s at stake.”

Recommendations
The survey points to five best practices to help companies pursuing IoT realize the same success as the top-tier performing enterprises:

  1. Review risk: Perform penetration testing to assess the risk of connected devices. Evaluate the risk and build a priority list for addressing primary security concerns, such as authentication and encryption. A strong risk assessment will help assure you do not leave any gaps in your connected security landscape.
  2. Encrypt everything: As you evaluate use cases for your connected devices, make sure that all data is encrypted at rest and in transit. Make end-to-end encryption a product requirement to ensure this key security feature is implemented in all of your IoT projects.
  3. Authenticate always: Review all of the connections being made to your device, including devices and users, to ensure authentication schemes only allow trusted connections to your IoT device.  Using digital certificates helps to provide seamless authentication with binded identities that are tied to cryptographic protocols.
  4. Instill integrity: Account for the basics of device and data integrity to include secure boot every time the device starts up, secure over the air updates, and the use of code signing to ensure the integrity of any code being run on the device.
  5. Strategize for scale: Make sure that you have a scalable security framework and architecture ready to support your IoT deployments. Plan accordingly and work with third parties that have the scale and expertise to help you reach your goals so that you can focus on your company’s core competency.

For more information on the survey, click here.


The IoT Evolution Expo, and collocated events, IoT Evolution Health, LPWAN Expo, The Smart City Event, and IIoT Conference, will take place Jan. 29 to Feb 1 in Ft. Lauderdale, Florida. Visit IoTEvolutionExpo.com to register now.

Edited by Ken Briodagh

Editorial Director

SHARE THIS ARTICLE
Related Articles

ZEDEDA Teams Up with Accenture and Lanner to Open Up New Solutions for Edge Computing Deployments

By: Matthew Vulpis    2/25/2021

In the business world today, almost everything is done digitally, which is why when it comes to designing and deploying Industrial IoT and edge comput…

Read More

Reentering the IoT Analyst Atmosphere - My view from the not-so-cheap seats

By: Special Guest    2/23/2021

IoT technology and strategies are the core tools for organizations to gain crucial visibility into their operations, machines, products, and buildings…

Read More

Visualize This: The IoT Landscape and a Map for the Future from Semtech

By: Arti Loftus    2/11/2021

With a plethora of networking options becoming more readily available for the Internet of Things (IoT), selecting the most effective IoT network for a…

Read More

As More IoT Devices Connect Through Cellular Networks, Two Companies Join Forces to Simplify and Secure Connectivity

By: Arti Loftus    2/10/2021

Matt Hatton, a founding partner of Transforma Insights, recently penned a report summarizing the elements required to connect thousands or even tens o…

Read More

SenRa Collaborates with TEKTELIC to Accelerate LoRaWAN Adoption

By: Juhi Fadia    2/10/2021

SenRa, one of the leading LoRaWAN public network operators across India, has officially proclaimed its collaboration with TEKTELIC, a top-tier provide…

Read More