Menu

IoT FEATURE NEWS

IoT Security: Still a Problem

By

The penetration of "non-business" IoT devices is increasing inside business networks. Devices such as smart lightbulbs, heart monitors, gym equipment, coffee machines, game consoles, and internet-connected pet feeders may not rise to the level in organizations’ threat models. This has become problematic because the security controls in consumer IoT devices are minimal. Keeping the IoT prices low leads to less security investment. Poor IoT device security stems results from manufacturers' goal to keep price points low. Security is considered an unnecessary overhead. The limited visibility combined with increased remote working leads to serious cybersecurity incidents.

The Palo Alto IoT security report “The Connected Enterprise: IoT Security Report 2021” provides insights into the use of non-industrial IoT devices and their penetration into business networks. Palo Alto Networks commissioned Vanson Bourne, a technology research firm, to survey “1,900 IT decision-makers at organizations in 18 countries in Asia, Europe, the Middle East, and the Americas on their primary IoT security issues.”

The key findings reported by Palo Alto are:

  • COVID-19 and its impact have made it harder to keep IoT devices secure.
  • Nearly all respondents (96%) who have IoT devices connected to their network reported their approach to IoT security requires an improvement. One in four (25%) indicated the requirement for an IoT security strategy overhaul.
  • About half (51%) of the survey respondents who have IoT devices connected to their network reported that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications.
  • Technology executives are not sleeping well. Security cameras are a fine example of vulnerabilities. Palo Alto Networks research examined 135,000 security cameras in March 2021. They found that 54% of the cameras have at least one security vulnerability. This makes it possible for cameras to be hijacked and weaponized by setting up these devices as springboards to initiate attacks and access broader corporate networks.

The report listed the types of attacks that are encountered:

  • Industrial Internet of Things (IIoT) attacks       55%
  • Distributed Denial of Service (DDoS)              50%
  • Breach of Connected Cameras                       46%
  • Breach of Internet of Medical Things (IoMT)   42%
  • Breach of Connected Home Devices              37%
  • Breach of Connected Wearables                    32%

A separate report “State of Enterprise IoT Security in North America: Unmanaged and Unsecured” by Forrester Consulting was performed for Armis. The report by Forrester Consulting concluded that:

  • 69% of enterprises have more IoT devices on their networks than computers.
  • 84% of security professionals believe IoT devices are more vulnerable than computers.
  • 67% of enterprises have experienced an IoT security incident.
  • 16% of enterprise security managers say they have adequate visibility to the IoT devices in their environments.
  • 93% of enterprises are planning to increase their spending on security for IoT and unmanaged devices.”

The Palo Alto report recommended that:

  • Become familiar with your router by changing defaults and adding encryption such as WPA3 or WPA2.
  • Ensure you know what devices are connected. Monitor for unauthorized devices.
  • Segment WFH networks.
  • Implement two factor authentications.
  • Ensure you deploy security updates immediately.

The importance of implementing security solutions, practices, and controls that can identify and protect IoT devices cannot be underestimated. Business leaders are considering more IoT devices. The insights provided by these two reports can be used to focus on the improper and inadequate security controls on these devices. These lead the business and its customers to experience higher risks of data loss, physical damage, and revenue loss. Organizations should adopt an aggressive cybersecurity posture. When security protections are not deployed, businesses are more prone to be victimized by cyberattacks.




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

One Peak Provides EMnify $57 Million in Series B Funding

By: Maurice Nagle    1/21/2022

EMnify announced the influx of $57 million in Series B funding from London-based growth investor One Peak. The leading cloud-based platform for cellul…

Read More

Retail Gets a Smart Upgrade at NRF This Week

By: Ken Briodagh    1/19/2022

NRF 2022: Retail's Big Show brought the most interesting tech and innovation hitting retail stores to New York City this week, and some of the biggest…

Read More

Syniverse Showcases Strength in Advance of Merger Approval Vote

By: Maurice Nagle    1/18/2022

Syniverse announced new full-year revenue and earnings forecasts in advance of an upcoming vote to take the company public via SPAC merger.

Read More

floLive and Kigen Collaborate to Provide Scalable Connectivity

By: Luke Bellos    1/18/2022

Cloud-based IoT connectivity service provider FloLive announced a collaboration with Kigen and Sony Semiconductor Israel. The new solution leverages K…

Read More

Aptiv Acquires Wind River, Setting Sail to Conquer the Next Generation Edge

By: Matthew Vulpis    1/12/2022

Today, the world around us is becoming increasingly digital as companies and consumers alike begin to adopt and leverage new technology like the edge …

Read More