The Internet of Things (IoT) has ushered in a new era of access, bringing with it both opportunities and potential vulnerabilities across the whole technology stack. IoT has already reached beyond two hundred known applications in enterprise settings and IoT devices are projected to increase to 43 billion by 2023.
In addition, research suggests that there will be more than 75 billion devices connected to the internet by 2025, which equals around 10 IoT devices for every human on earth.
Various industries are using IoT for a more connected experience across their businesses. For example, manufacturing providers have increased IoT spending significantly over the past few years.
During the pandemic, manufacturers leveraged IoT to monitor and maintain equipment without a full team of staff, for tasks such as temperature and usage monitoring.
Gartner forecasts that installed IoT endpoints for the manufacturing and natural resources industries will grow to 1.9 billion units in 2028, fivefold the 331.5 million units of 2018.
As Singapore continues to roll out smart business initiatives such as the Networked Trade Platform to position itself as a leader in trade and supply chain, IoT devices will play a role in fulfilling said initiatives.
But, as IoT expands across the globe to offer a more connected experience, security undoubtedly takes a hit. IoT technology creates a broader attack surface, leaving businesses exposed to threats of attack.
The increasing attack surface of IoT devices
IoT devices are notoriously hard to monitor and secure, as most of them utilise legacy systems and infrequently connect to the internet, making them hard to track. This raises a frustrating question for many CISOs and security teams: how can security experts secure and patch IoT devices if they don't know the devices are there?
This is especially so when employees bring their own devices to work (BYOD), which results in shadow IT. Shadow IT refers to the use of technology without the knowledge of IT departments, and it contributes to the lack of visibility into IoT devices.
As the office disruptions brought about by the pandemic are slowly diminishing, plenty of employees surveyed by EY expect to return to the office, whereas others look to a hybrid work model. This could spell an influx of vulnerable devices being brought back to the office as people return to work post-pandemic.
Furthermore, while the endpoint itself can be deployed, normal security telemetry cannot be deployed on these small, unsophisticated IoT devices. This poses additional threats to devices. Systems are left vulnerable when vital updates and device inventory are lacking.
IoT security nightmares
The Cyber Security Agency of Singapore detected nearly 6,600 botnet drones with Singapore IP addresses daily in 2020, a massive spike from the 2019 daily average of 2,300. Mirai and Gamarue were the key malware types, accounting for 25% of infected Singapore IP addresses in 2020. Globally, malware types such as Mirai have been observed to target IoT devices, launching DDoS attacks.
In August 2021, the United States Cybersecurity and Infrastructure Security Agency (CISA) and Mandiant, a threat intelligence firm, disclosed a critical vulnerability in ThroughTek. This vulnerability allowed attackers to access millions of IoT cameras to view and record live feeds and compromise credentials for further attacks.
This discovery highlights the increasing challenges of IoT supply-chain security, which often demands immediate action to apply necessary software updates. Connected devices need to have the same cybersecurity as other IT systems to avoid exploitation, which can have major consequences.
Monitor IoT with network detection and response
Organisations need to take steps like implementing sophisticated network segmentation and Zero Trust so that no asset is implicitly trusted.
At the same time, a device discovery plan should be in place for all IoT component producers to manage device inventory and containment. Businesses also need to be able to gather deep forensics insights to investigate the cause of a threat and ensure it doesn’t happen again.
Connected devices require a more advanced network security tool, such as network detection and response (NDR), which shows east/west movement within the organisation's network and can display a thorough device inventory, taking the pressure off security teams.
NDR solutions can see everything on the network: every device, all traffic, and all activity.
Security teams need to have an actionable plan in place to eradicate vulnerabilities and risks rapidly from the business environment, leaning on deep forensic insight to help. These capabilities give teams the resources they need at their fingertips to hunt, investigate, and remediate threats quickly, providing a full spectrum of response and streamlining the workflow.
The growth of IoT is going to continue to explode – but so will cyberattacks. Organisations need to ensure they are prepared by putting the right tools in place now to reduce response time when an attack inevitably hits, especially with how crucial IoT has become to the functionality of supply chains and manufacturing. Being left in the dark is no longer an excuse.