In its analysis of the impact of COVID-19, consultancy McKinsey calculated that digital transformation programmes accelerated by seven years in just a few months to meet customer demand. In turn, this has fuelled growth in IoT. Today, we’re seeing IoT finally come of age as enterprises move from experimentation to understanding how to deploy IoT. Recent Eseye research: ‘The State of IoT Adoption in 2021’ found that the larger the project, the faster the acceleration as organisations embrace IoT.
Security of devices cited as the biggest hurdle to overcome
Our research showed that organisations are reaping multiple benefits by embarking on IoT projects. It includes entering new markets and launching new product lines to disrupt business models and markets. However, while businesses can reap impressive benefits from IoT, adoption is not without its challenges.
Again, in our research, over one-third of our survey respondents (39%) said the security of devices and environments was the biggest hurdle they had to overcome. Meanwhile, 35% said that device onboarding and cellular connectivity had proved difficult.
So why is IoT security so problematic?
For a start, each connected device represents a potential breach point for enterprises. As the number of devices rises exponentially, there is a more complex ecosystem to manage, leading to increased security vulnerabilities.
The first thing to ensure is that the organisation has visibility of these devices. You can’t accurately assess potential dangers to the network until you understand what could be causing it. Many organisations don’t prioritise IoT security. It means they don’t realise the risks until it is too late. Furthermore, the pandemic has made threats more sophisticated and widespread.
Typical security problems encountered range from weak password protection to insecure interfaces, poor IoT device management, insufficient data protection and a general lack of regular patches and updates – especially in highly dispersed environments.
Take the manufacturing sector as an example. One of the big issues with their IoT environments is that even routine security maintenance can prove onerous. As a result, there is a laissez-faire approach to patching and software updates for fear of shutting down the production environment, with uptime taking priority.
It is a high-risk approach. Additionally, manufacturing IoT environments are no longer safely air-gapped. Instead, they are connected to corporate and cloud networks. It creates a large and lucrative attack surface for cybercriminals intent on disrupting production or stealing data for espionage. Unfortunately, compromised IoT devices can be used to move laterally into corporate networks to access and exfiltrate confidential data.
Security is seen as an after-thought
A recent IDC report reveals that the rush to deploy new digital technologies often comes without the right security measures in place. There are often vulnerabilities around the security of new IoT infrastructure and gaps in protecting legacy systems that may connect to more open environments.
Additionally, a study published in July 2020 analysed over five million IoT, IoMT (Internet of Medical Things), and unmanaged connected devices in healthcare, retail, manufacturing and life sciences. It revealed numerous vulnerabilities and risks across a diverse set of connected objects and found that:
- Up to 15% of devices were unknown or unauthorised.
- 5 to 19% were using unsupported legacy operating systems.
- 49% of IT teams were guessing or had tinkered with their existing IT solutions to get visibility.
- 51% of them were unaware of what types of smart objects were active in their network.
- 75% of deployments had VLAN violations.
- 86% of healthcare deployments included more than ten FDA-recalled devices.
- 95% of healthcare networks integrated Amazon Alexa and Echo devices alongside hospital surveillance equipment.
There’s no denying that IoT security is complicated. However, professionals in the field should understand best practices for efficient risk assessment and mitigation.
Security breaches can cause severe financial, reputational and brand damage
Most IoT products are developed with ease of use and connectivity in mind. They may be secure when purchased but become vulnerable when hackers find new security issues or bugs. If they are not fixed with regular updates, the IoT devices become exposed over time.
Losing connectivity or access to a device due to a cyberattack is an increasingly growing IoT threat. These events can be financially devastating, reputation destroying and brand damaging. It can cause widespread collateral loss to an organisation’s bottom line.
Ultimately, organisations need to develop and execute a strategy to mitigate risks, protect the business, and build confidence in IoT initiatives. Therefore, we recommend that IoT devices be secured out of the box without deploying agents or additional hardware.
Today’s dynamic environment demands reliable and ubiquitous mobile and remote device connectivity. It is essential for organisations with devices deployed worldwide and across various mobile network operators (MNOs) to ensure operational resilience and business continuity.
The knowledge from agentless device security platforms, such as Eseye partner, Armis, provides granular device details and behavioural insights in real-time to trigger faster, more effective detection and response to security incidents. Organisations should build this into the IoT tech stack as part of a managed service. It will ensure that IoT devices are always protected against increasingly sophisticated cybersecurity threats.
Security by design
In summary, we advocate that security is considered at the very beginning of the design process, with the right expert knowledge mobilised as early as possible. The later the process of assessing, testing, and hardening IoT solutions is left, the more difficult and costly it is to get it right.
Worse yet, discovering critical weaknesses or inadequate contingency plans only after a breach has happened can be more costly still. Therefore, companies should be building security in and adopting a security by design approach. It will properly secure their IoT devices and leave organisations confident about current and future initiatives.
The good news is that 86% of our survey respondents said that IoT is a priority for their business. 49% are planning further IoT projects in the next couple of years. In fact, by 2026, industry predictions point to more than 26 billion connected devices in the world. It’s a vast opportunity, but it also brings risks, especially with the exponential growth in cyber threats. Frequently designed without security, IoT devices have become a new threat vector for bad actors to use when launching attacks.
Keeping IoT devices secure and ensuring the data they hold isn’t compromised has to be a top priority for any IoT initiative to succeed. IoT security cannot be an afterthought or an add-on. Security must be built in from the beginning, and a reliable infrastructure for the IoT device should be maintained throughout its lifecycle.
Eseye empowers businesses to embrace IoT without limits. We help them to visualise the impossible and bring those solutions to life through innovative IoT cellular connectivity solutions that enable our customers to drive up business value, deploy differentiated experiences, and disrupt their markets.
Our pioneering technology allows businesses to overcome the complexity of IoT deployment and develop, deploy, and manage IoT projects without the fear of getting it wrong. We guide them every step of the way. Supported by a powerful partner ecosystem, we seamlessly connect devices across 190 countries, agnostic to over 700 available global networks.