Internet of Things (IoT) is the soft underbelly of many businesses and an area they need to do more to protect, according to a recent report released this week by cybersecurity firm Palo Alto Networks.
In a latest survey of 1,350 IT business decision makers across 14 countries in Asia, Europe the Middle East and North America, the respondents expect the cybersecurity challenges pose by connected devices but are not prepared for them. Over 40% of them admitted they need to make a lot of improvements to the way they approach IoT security, and 17% said that a complete overhaul is needed – amounting to more than half of those polled. The survey was conducted by technology research firm Vanson Bourne on behalf of Palo Alto Networks
The results of the poll are revealed in the report entitled “The Connected Enterprise: IoT Security Report 2020”. Palo Alto Networks released the survey as part of its ongoing efforts to shed light on security threats posed by the surge in deployment of internet-connected devices.
IoT device proliferation
The explosive growth of IoT devices is a serious concern, with 89% if respondents seeing increased number of IoT devices on their networks in the past 12 months. Of these respondent, more than a third or 35% cited a significant increase.
IoT device proliferation is a growing issue. Most IT decision-makers (89%) reported seeing increased numbers of IoT devices on their networks in the past 12 months, with more than a third (35%) reporting a significant increase.
Furthermore, the report pointed out that more non-business devices are coming onto networks, with everything from connected teddy bears to medical devices to electric vehicles now needing to be secured alongside business IoT. Below the most common IoT connected devices being plugged onto home and corporate networks:
Hong Kong context
Overwhelmingly, 91% of Hong Kong respondents have seen a rise in the number of IoT devices connecting to their networks over the last year.
One red flag emerged: 31% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 37% said that a complete overhaul is needed, amounting to more than two thirds of those polled.
“Devices that employees innocently bring onto an organisation's network are often not built with security in mind, and can be easy gateways to a company’s most important information and systems,” said Wickie Fung, managing director, Hong Kong and Macau at Palo Alto Networks. “To address that threat, security teams need to be able to spot new devices, assess their risk, determine their normal behaviours and quickly apply security policies.”
Back to the report’s general findings, one in five (20%) of those surveyed reported that they have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks. Only 21% reported following best practices of using micro-segmentation to contain IoT devices in their own tightly controlled security zones.
“Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” said Tanner Johnson, senior cybersecurity analyst at Omdia. “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”
Indeed, IoT devices are the weak link in IT networks. An earlier research conducted by Unit 42, Palo Alto Networks threat intelligence research arm said 57% of IoT devices are vulnerable to attacks of medium to high severity. This posed a big challenge as Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from 8 billion last year.