Cybersecurity no longer ‘one size fits all’ in an IoT world

The Internet of Things is changing the way the world works and plays. From applications in MedTech, logistics, and transportation to smart home solutions, IoT is an enabler of a larger digital transformation that will produce vast quantities of data to be stored, parsed, and transmitted over an ever-expanding global network.

But, as the world of IoT continues to expand, so too do security threats. The billions of IoT devices in use have naturally created new vulnerabilities for companies. According to global management consulting firm McKinsey, as more ‘things’ get connected, the number of ways to attack them has increased dramatically. Pre-IoT, a large corporate network might have needed to account for up to 500,000 endpoints being vulnerable to attack, while the IoT may involve a network with millions or tens of millions of these endpoints.

IoT fuelling transformation but vulnerabilities create risks for businesses

The potential value of IoT is large and growing. By 2030, McKinsey estimates it could amount to up to US$12.5tn globally. And, according to Palo Alto Networks, the rapid growth of capabilities and adoption of IoT technology has fuelled a transformation in enterprise operations. 

IoT devices are believed to make up 30% of total devices on enterprise networks today, with the rich data collected from these devices providing a number of valuable insights informing real-time decisions and delivering accurate predictive modelling. In addition, IoT is a key enabler of digital transformation in the enterprise, with the potential to drive up workforce productivity, business efficiency, and profitability, as well as the overall employee experience.

However, despite the many advantages IoT technology enables, the interconnectedness of smart devices presents a substantial challenge to enterprises, primarily in terms of the serious security risks arising from unmonitored and unsecured devices connected to the network.

What’s more, with increases in hybrid working environments, security weaknesses on employees' home networks could create risks for businesses. Last year, infosec firm Bitdefender found a number of security vulnerabilities in a particular brand of baby monitors, potentially enabling attackers to either access the camera feed or execute malicious code on vulnerable devices.

And, in addition to commercial impact, the risks of IoT-related service disruptions extend to the critical infrastructure in our communities. 

“Imagine the implications of an attack on the switching infrastructure of a metro subway line, a wireless pacemaker becoming compromised, or a power grid shutting down,” reports a whitepaper by Fortinet. As the report explains, security professionals must be prepared to define solution requirements thoughtfully to guard against these new threats.

“Thanks to the work-from-anywhere era, the boundaries between home and work networks have blurred,” explains Sunil Ravi, Chief Security Architect at Versa Networks. “Once the malware has breached a home network, it can then move laterally across to the homeowner’s work network, inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security.”

Connected devices can be vulnerable to breaches

As Palo Alto Networks explains, without robust security, any connected IoT device is vulnerable to breach, compromise, and control by a bad actor to ultimately infiltrate, steal user data, and bring down systems. 

With large volumes of diverse IoT devices continuing to connect to the network, a dramatic expansion of the attack surface is occurring in parallel. As a result, the entire network security posture is diminished, in terms of the level of integrity and protection offered to the least secure device.

In addition to these challenges, 98% of all IoT device traffic is unencrypted, putting personal and confidential data at severe risk.

Almost half of the respondents to a study by Capgemini identified the inclusion of technologies like IoT as one of the main issues exposing their organisation to breaches. Ineffective delegation of cybersecurity responsibilities also ranks amongst the top vulnerabilities, an issue making it difficult to identify malicious activity in a timely manner. 

As Tom Canning, Vice President of Global Sales IoT and Devices at Canonical, explains: “Businesses need to take a long, hard look at where their burden of security lies, and seriously consider putting trust in IoT applications to support and manage networks. That way, managers can be confident that they’re future-proofing through technology, which can automatically remediate any security issues. 

“It’s no longer a case of one-size-fits-all in the smart era of Industry 4.0. Device hardware is not static and manufacturers must recognise that the future does not lie in this form of vulnerable hardware, but instead in software-defined capabilities. 

“As attacks continue to accelerate, more action is needed to protect and future-proof the manufacturing industry. It will take investment and a real commitment to change how the industry thinks about security in relation to smart infrastructure. The billions of existing IoT devices were not deployed overnight, and the security problems they inherit will not be fixed overnight, either.”

SASE striking the perfect balance

Coined by Gartner in the 2019 Networking Hype Cycle and Market Trends report, Secure Access Service Edge (SASE) introduces a new architecture where networking and security functions are bundled in a cloud-delivered service. As IoT and internet-based traffic continues to soar, SASE allows enterprises to streamline network integration, security, and policy management of distributed devices with a centrally-managed platform.

“Whilst on the surface it seems like security and networking performance are at complete opposite ends of the spectrum, SASE has proven to be able to strike the perfect balance between the two entities,” explains Apurva Mehta, CTO and co-founder at Versa Networks.

“SASE allows for a tighter integration between networking performance and security. This means IoT devices can be secure, while also ensuring that high performance is maintained. Additionally, through SASE, organisations can ensure that all endpoints on IoT networks receive the same amount of security coverage and management capabilities – giving security teams complete visibility across their network.”

Not only does SASE give organisations visibility across all endpoints in IoT networks, but it also segments the network, too. By doing this, organisations can restrict the movement of malware on IoT networks, meaning that the cyber-risk of an organisation is dramatically reduced. Additionally, when suspicious activity is spotted within IoT devices, it can be easily located by security teams and mitigated.

“IoT devices are here to stay and they have proven to be extremely valuable to businesses, however, they must be secure,” Mehta concludes. “With SASE, IoT devices can maintain their performance to meet the needs of the business but also ensure that security is watertight.”

******

Make sure you check out the latest industry news and insights at Mobile Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Mobile Magazine is a BizClik brand