Menu

IoT FEATURE NEWS

IoT Security: Still a Problem

By

The penetration of "non-business" IoT devices is increasing inside business networks. Devices such as smart lightbulbs, heart monitors, gym equipment, coffee machines, game consoles, and internet-connected pet feeders may not rise to the level in organizations’ threat models. This has become problematic because the security controls in consumer IoT devices are minimal. Keeping the IoT prices low leads to less security investment. Poor IoT device security stems results from manufacturers' goal to keep price points low. Security is considered an unnecessary overhead. The limited visibility combined with increased remote working leads to serious cybersecurity incidents.

The Palo Alto IoT security report “The Connected Enterprise: IoT Security Report 2021” provides insights into the use of non-industrial IoT devices and their penetration into business networks. Palo Alto Networks commissioned Vanson Bourne, a technology research firm, to survey “1,900 IT decision-makers at organizations in 18 countries in Asia, Europe, the Middle East, and the Americas on their primary IoT security issues.”

The key findings reported by Palo Alto are:

  • COVID-19 and its impact have made it harder to keep IoT devices secure.
  • Nearly all respondents (96%) who have IoT devices connected to their network reported their approach to IoT security requires an improvement. One in four (25%) indicated the requirement for an IoT security strategy overhaul.
  • About half (51%) of the survey respondents who have IoT devices connected to their network reported that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications.
  • Technology executives are not sleeping well. Security cameras are a fine example of vulnerabilities. Palo Alto Networks research examined 135,000 security cameras in March 2021. They found that 54% of the cameras have at least one security vulnerability. This makes it possible for cameras to be hijacked and weaponized by setting up these devices as springboards to initiate attacks and access broader corporate networks.

The report listed the types of attacks that are encountered:

  • Industrial Internet of Things (IIoT) attacks       55%
  • Distributed Denial of Service (DDoS)              50%
  • Breach of Connected Cameras                       46%
  • Breach of Internet of Medical Things (IoMT)   42%
  • Breach of Connected Home Devices              37%
  • Breach of Connected Wearables                    32%

A separate report “State of Enterprise IoT Security in North America: Unmanaged and Unsecured” by Forrester Consulting was performed for Armis. The report by Forrester Consulting concluded that:

  • 69% of enterprises have more IoT devices on their networks than computers.
  • 84% of security professionals believe IoT devices are more vulnerable than computers.
  • 67% of enterprises have experienced an IoT security incident.
  • 16% of enterprise security managers say they have adequate visibility to the IoT devices in their environments.
  • 93% of enterprises are planning to increase their spending on security for IoT and unmanaged devices.”

The Palo Alto report recommended that:

  • Become familiar with your router by changing defaults and adding encryption such as WPA3 or WPA2.
  • Ensure you know what devices are connected. Monitor for unauthorized devices.
  • Segment WFH networks.
  • Implement two factor authentications.
  • Ensure you deploy security updates immediately.

The importance of implementing security solutions, practices, and controls that can identify and protect IoT devices cannot be underestimated. Business leaders are considering more IoT devices. The insights provided by these two reports can be used to focus on the improper and inadequate security controls on these devices. These lead the business and its customers to experience higher risks of data loss, physical damage, and revenue loss. Organizations should adopt an aggressive cybersecurity posture. When security protections are not deployed, businesses are more prone to be victimized by cyberattacks.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Today's Technology Do-Gooders: FlySense Vaping and Bullying Sensor from Soter Technologies

By: Alex Passett    6/5/2023

FlySense 286 from Soter Technologies addresses educational environments' needs to keep students safer when it comes to instances of on-campus vaping a…

Read More

From Semtech and Connected Development, the XCVR Development Board and Reference Design for IoT

By: Alex Passett    6/2/2023

Based on Semtech's LoRa SX126x Series, the XCVR Development Board and Reference Design simplifies design processes and reduces time-to-market for IoT …

Read More

At the KORE of Sustainability: Actioning Environmental Improvements in IoT

By: Alex Passett    6/1/2023

For KORE, smaller packaging means a decrease in plastic carbon emissions. This is just one measure KORE is taking to improve sustainability measures i…

Read More

ESG in IoT: Semtech Furthers Commitments to Global Sustainability

By: Alex Passett    6/1/2023

Semtech recently released its inaugural Corporate Sustainability report, detailing its operational impacts and how they affect sustainably supply chai…

Read More

Laird Connectivity Sensors and Iridium Edge Solar: A Partnership for Asset Ecosystems in IoT

By: Alex Passett    5/30/2023

Iridium Communications and Laird Connectivity are integrating respective technologies to enable longer-term IoT asset tracking, monitoring and managem…

Read More