Menu

IoT FEATURE NEWS

IoT Security: Still a Problem

By

The penetration of "non-business" IoT devices is increasing inside business networks. Devices such as smart lightbulbs, heart monitors, gym equipment, coffee machines, game consoles, and internet-connected pet feeders may not rise to the level in organizations’ threat models. This has become problematic because the security controls in consumer IoT devices are minimal. Keeping the IoT prices low leads to less security investment. Poor IoT device security stems results from manufacturers' goal to keep price points low. Security is considered an unnecessary overhead. The limited visibility combined with increased remote working leads to serious cybersecurity incidents.

The Palo Alto IoT security report “The Connected Enterprise: IoT Security Report 2021” provides insights into the use of non-industrial IoT devices and their penetration into business networks. Palo Alto Networks commissioned Vanson Bourne, a technology research firm, to survey “1,900 IT decision-makers at organizations in 18 countries in Asia, Europe, the Middle East, and the Americas on their primary IoT security issues.”

The key findings reported by Palo Alto are:

  • COVID-19 and its impact have made it harder to keep IoT devices secure.
  • Nearly all respondents (96%) who have IoT devices connected to their network reported their approach to IoT security requires an improvement. One in four (25%) indicated the requirement for an IoT security strategy overhaul.
  • About half (51%) of the survey respondents who have IoT devices connected to their network reported that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications.
  • Technology executives are not sleeping well. Security cameras are a fine example of vulnerabilities. Palo Alto Networks research examined 135,000 security cameras in March 2021. They found that 54% of the cameras have at least one security vulnerability. This makes it possible for cameras to be hijacked and weaponized by setting up these devices as springboards to initiate attacks and access broader corporate networks.

The report listed the types of attacks that are encountered:

  • Industrial Internet of Things (IIoT) attacks       55%
  • Distributed Denial of Service (DDoS)              50%
  • Breach of Connected Cameras                       46%
  • Breach of Internet of Medical Things (IoMT)   42%
  • Breach of Connected Home Devices              37%
  • Breach of Connected Wearables                    32%

A separate report “State of Enterprise IoT Security in North America: Unmanaged and Unsecured” by Forrester Consulting was performed for Armis. The report by Forrester Consulting concluded that:

  • 69% of enterprises have more IoT devices on their networks than computers.
  • 84% of security professionals believe IoT devices are more vulnerable than computers.
  • 67% of enterprises have experienced an IoT security incident.
  • 16% of enterprise security managers say they have adequate visibility to the IoT devices in their environments.
  • 93% of enterprises are planning to increase their spending on security for IoT and unmanaged devices.”

The Palo Alto report recommended that:

  • Become familiar with your router by changing defaults and adding encryption such as WPA3 or WPA2.
  • Ensure you know what devices are connected. Monitor for unauthorized devices.
  • Segment WFH networks.
  • Implement two factor authentications.
  • Ensure you deploy security updates immediately.

The importance of implementing security solutions, practices, and controls that can identify and protect IoT devices cannot be underestimated. Business leaders are considering more IoT devices. The insights provided by these two reports can be used to focus on the improper and inadequate security controls on these devices. These lead the business and its customers to experience higher risks of data loss, physical damage, and revenue loss. Organizations should adopt an aggressive cybersecurity posture. When security protections are not deployed, businesses are more prone to be victimized by cyberattacks.




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

Data in the Right Hands: A Look into Data Activation Company, WANdisco

By: Alex Passett    2/7/2023

Dually headquartered (Sheffield, England and San Ramon, California) data activation company WANdisco supercharges the movement of secure data at any s…

Read More

Ready, Set, Ready Care: HARMAN Improves Smarter and Safer Automotive Experiences

By: Alex Passett    2/6/2023

Technology company HARMAN has expanded its Ready Care product with new features to up the ante in the pursuit of the safest-possible experiences for v…

Read More

The Future of Digitalization: An IoT Conversation with People10 Technologies

By: Alex Passett    2/6/2023

Ahead of IoT Evolution Expo 2023 in Fort Lauderdale, Florida, we spoke with Nisha Shoukath, President and COO of People10 Technologies, Inc.

Read More

As Microsoft Dynamics Continues to Grow, Pax8 Acquires Bam Boom Cloud

By: Arti Loftus    2/6/2023

The Bam Boom acquisition will enable Pax8 to create new simple go-to-market strategies and services for partners to build on their Microsoft Dynamics …

Read More

As Indoor Air Quality Grows in Importance, Market Leaders Partner to Bring Connected Solutions for Building Management

By: Arti Loftus    2/3/2023

The WYND-driven air quality solution is one of a range of smart building applications that run on Veea's in-building digital infrastructure, which lev…

Read More