Almost 50% of firms unprepared for IoT growth
Palo Alto Networks, an American multinational cybersecurity company headquartered in California, has commissioned a new survey on how prepared companies are in their IoT security practices.
Data collected from 1,350 IT enterprises, business leaders and decision-makers in 14 countries across Europe, North America, the Middle East and Asia reveals that 41% of respondents are unprepared for their IoT security requirements.
While 95% of those taking part said they had visibility of all the IoT devices connected to their company networks, the growing number and variety of devices may leave some companies vulnerable to security breaches.
According to the report, IoT is an area of vulnerability for most businesses, and 57% of IoT devices are at risk of attack. The sheer volume of devices joining networks, from tools and toys to medical devices and cars, is increasing the likelihood of security breaches.
Working remotely
Palo Alto Networks found that of the IT decision-makers it surveyed, 89% reported seeing increased numbers of IoT devices on their networks in the past 12 months.
Many additional IoT devices have connected to company networks as a result of the ‘working from home’ phenomenon following the global pandemic. Companies must now be prepared to connect staff to their systems via their home offices, which presents more potential vulnerabilities.
Fortinet, a US multinational that develops and markets cybersecurity products and services, also reported on issues surrounding remote working and IoT devices, stating, “A shortage of company-owned laptops and devices forced many workers to use their personal computers to access corporate networks and complete work-related tasks. Simultaneously, these individuals continued to engage in more mundane (and often riskier) online behaviour such as browsing social media, shopping, and streaming entertainment. Since most of these personal devices lack endpoint protection and desktop security, they’re far more vulnerable to malware.”
Slow progress on segmentation is compounding the problem, with many companies struggling to apply adequate IoT security practices. Only 21% had implemented the best practice of micro-segmentation, which confines IoT devices to tightly controlled security areas.
IoT uptake
Fortinet’s findings show that the adoption of IoT technology continues to rise steadily despite its vulnerabilities, with one prediction noting that IoT platform revenues will grow to $66bn by the end of 2020.
Fortinet’s report states, “Even if your business has begun to acclimate to the ‘new normal’ of continued remote work – or even if most employees are now back in an office environment – threats are still out there. While IoT adoption solves many business problems, attackers are well-versed in its vulnerabilities.”
The report goes on to say that cybercriminals have used the COVID-19 pandemic to capitalise on rushed digital transformation and the security weak spots it creates.
Get secure
Palo Alto Networks has identified five areas businesses need to observe and secure in light of the new findings. They are:
1. Use device discovery for complete visibility. To ensure protection, businesses need to be able to see all devices – and keep a detailed up-to-date inventory of all connected IoT assets, their risk profiles, and their trusted behaviours.
2. Use network segmentation. Businesses should split networks into subsections to provide granular control over the movement of traffic between devices and workloads, reducing the attack surface.
3. Use secure, strong passwords. Password security is essential to securing IoT devices. As soon as an IoT device is connected to the network, IT teams should replace the default passwords with ones aligned with company password policies.
4. Repair and update the firmware. The majority of IoT devices cannot patch security flaws regularly, so IT teams must check that devices are patched for vulnerabilities.
5. Use tools to monitor IoT devices at all times.
The Palo Alto Networks report concludes that as the digital transformation continues, and companies complete their transitions, ongoing maintenance will play an important role in preventing cyberattacks.
It states, “In these circumstances, extra precautions must be taken not only by the IT and security teams but by the entire organisation. User awareness training that educates employees about good cyber hygiene should be considered mandatory.”