The Internet of Things (IoT) is arguably one of the most-hyped technologies of recent years. It has transformed everything from routine daily tasks (hello, smart washing machines) to healthcare to the operations of critical infrastructure. But for all the value of IoT, there’s still one area that needs attention — security.
The 2020 theme for Cybersecurity Awareness Month couldn’t be more timely: “If you connect it, protect it.” The National Cyber Security Alliance, in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has been raising awareness throughout October on how all users can own their role in protecting connected devices.
We joined in too, pulling together key IoT stats that organizations and individuals can learn from to better understand IoT security issues as well as potential solutions for protecting our interconnected world.
1) IoT devices increase the enterprise attack surface
There are billions of IoT devices at large today, creating an expanding attack surface for enterprises to monitor. The volume of devices is a challenge, and the variety makes vulnerability management across different device types difficult. According to Palo Alto Networks: “More than half of all internet of things (IoT) devices are vulnerable to medium- or high-severity attacks, meaning that enterprises are sitting on a ‘ticking IoT time bomb.’”
By being cautious about using public Wi-Fi, checking privacy and security settings, and using strong passwords, individuals can play a significant role in preventing personal internet-connected devices from being an entry point for cybercriminals. Cysiv can help security teams manage the influx of IoT devices through our around-the-clock approach to detection and response.
- Users: Be cautious about using public Wi-Fi, check privacy and security settings, and use strong passwords.
- Businesses: Choose a security partner that can support you with 24/7 detection and response.
2) Security challenges accompany a new mode of work
Security teams moved rapidly to adjust to the challenges of managing a distributed workforce brought on by COVID-19. The pandemic amplified existing security challenges, including how to safeguard company data when employees use devices that have not been approved by corporate IT. Research from Trend Micro found that 52% of global remote workers have IoT devices connected to their home network, many with well-documented weaknesses. “These could theoretically allow attackers to gain a foothold in the home network, then use unprotected personal devices as a stepping-stone into the corporate networks they're connected to,” the report noted. Users and organizations alike can take steps to protect the internet-connected devices they rely on for personal and professional use.
- Users: Configure your privacy and security settings to limit how much data you give away.
- Businesses: Always patch, test, and monitor to make the most of the flexibility of internet-connected environments while protecting the organization from threats. Provide training to employees on how to best secure their devices.
3) Industry-specific threats take center stage
Week three of Cybersecurity Awareness Month focused on the healthcare industry and the vulnerabilities of internet-connected healthcare devices. Healthcare organizations have long been a key target for both financially motivated attackers and cyber espionage campaigns. Part of the allure comes from the high-value data the healthcare industry holds. Attackers also home in on healthcare targets because of their sprawling attack surfaces. According to the Protenus Breach Barometer, over 41.4 million patient records were breached in 2019, and hacking jumped 49%.
- Users: Be on your guard against phishing schemes and follow best practices for securing any IoT devices you may use to access sensitive data.
- Healthcare Organizations: Patch devices in a timely manner, ensure configurations follow security best practices, and appropriately control access to the devices. Invest in 24/7 monitoring, detection, and response to be able to see how every device on the network is functioning at every moment in time in order to identify anomalous or suspicious activity and prevent a breach.
4) The way forward to a secure and connected future
IoT presents a huge opportunity, and many organizations have already taken steps to incorporate the technology into their business plans. According to Gartner, 63% of enterprises expect they will achieve financial payback in three years for their IoT projects. Security should be an integral part of these initiatives from day one. By looking ahead, security leaders can begin to develop a security strategy that addresses technological innovations, such as 5G and the growing presence of the cloud. Part of that planning will also include building a strategy for addressing the big data challenge associated with IoT. IDC predicts that by 2025, IoT devices will generate nearly 80 zettabytes of data.
- Businesses: Incorporate security strategy into business plans for investment in IoT from the get-go.
No matter what the future brings, everyone can do their part and #BeCyberSmart to ensure the safety of IoT devices now and going forward. Cysiv is helping organizations achieve this mission through our SOC-as-a-Service, which provides companies all of the benefits of having their own world-class 24/7 SOC, but without the high costs, complexity, and challenges that come with building, staffing, and operating one. Learn more about our platform here.