Gartner observed that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices in their network.
IoT Analytics forecasts that globally the number of connected IoT devices will grow at 9% annually, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security.
ResearchandMarkets forecasts the global IoT security market to grow from US$3.86 billion in 2021 to US$5.09 billion in 2022. The firm attributes this growth due to the companies stabilizing their output after catering to the demand that grew exponentially during the COVID-19 pandemic in 2021.
While 64% of respondents to the Kaspersky study, Pushing the limits: How to address specific cybersecurity demands and protect IoT, use IoT solutions, as much as 43% do not protect them completely.
The National Institute of Standards and Technology (NIST) paper, Recommended Criteria for Cybersecurity Labelling for Consumer Internet of Things (IoT) Products, posits that to reduce IoT product vulnerabilities, it is important to understand already exploited vulnerabilities in IoT products and ensure that consumer IoT product labelling programmes consider these incidents in its criteria to help improve the cybersecurity of the IoT ecosystem.
Dr Dorit Dor, chief product officer with Check Point Software Technologies, explains that there are many levels to IoT leaving to misunderstanding and potential risks of exposure to threats from within and outside the organisation.
“Even the lowest cost IoT device could be a starting point for an attack. You have to understand the connectivity of the IoT device to the internal and outside world. The fact that it bridges the two things without having the right IoT controlling them is the biggest evidence of this,” she explained.
“People use IoT to do massive attacks (DDoS massive attacks) by taking over IoTs in many locations and doing denial of service or other destruction for the world. These are less focused attacks and more widespread attacks.”Dorit Dor
More common than you think
Dr Dor cautions that attacks that stem from unprotected IoT are not always targeted at specific industries. She calls back understanding that cybercriminals are often looking for the least protected targets.
That is not to say that there are attacks that are specifically directed at certain industries or organisations.
“It is less of a sectorial issue. It's more of a general issue of IoT devices being spread around and kind of hindering the security architecture of the organisation. By creating all these hidden links, the IoT itself could be served as a jump point for the intended target,” she cautioned.
Common misconceptions and challenges
Dr Dor noted that one of the biggest misconceptions when it comes to IoT security is the perception among enterprises that they do not have any IoT devices in the workplace. And if they did, the other misconception is that these devices are not connected to the internal network (without their knowledge).
Another misconception, she added, is enterprises think they are protected when they are not.
“People don’t always have the right personnel to perform the security sections required,” she posited.
Advanced technologies to the rescue?
Asked whether any advanced technologies help solve some of the challenges she presented, Dr Dor is confident that tools are available to help in the process of understanding the challenges.
She cited the use of artificial intelligence (AI) as helping map the devices that are seen on the network of IoT devices and mapping their behaviour.
“But to do this, you need to have a lot of data on similar IoT devices that exist,” she cautioned.
“So as an organisation, you may not have enough data to secure your IoT devices. However, you probably have enough data on different uses and usages of this IoT device that could help you sanction or create sectioning policies for the IoT device.”Dorit Dor
Bringing about greater security of IoT devices in the enterprise
Dr Dor suggests reducing the access atmosphere of the IoT device to the least limited or a zoning-based approach. The other step is to understand what the IoT does and see that it behaves like a legitimate IoT device.
She recommended organisations buy IoT devices that have some security and stability built in.
Click on the PodChat player and hear in greater detail Dr Dor’s observations and recommendations for securing IoT for the enterprise.
- What are the IoT cyber security threats faced by enterprises?
- How common are these threats?
- What are common misconceptions and challenges encountered today when enterprises try to secure IoT devices?
- Can advanced technology such as AI, machine learning and deep learning solve these problems?
- What are the roles of AI, machine learning and deep learning in IoT security?
- What are your recommendations to bring about greater security of IT devices in the enterprise?