The Internet of Things (IoT) is maturing, with IoT devices becoming increasingly common across all industries. And the widespread implementation of 5G networks is set to further IoT growth. Gartner predicts that, worldwide, the enterprise and automotive IoT market will grow to 5.8 billion endpoints in 2020, a 21% increase from 2019.
Yet, even as the number of connected devices skyrockets, many organizations are failing to adequately secure them. IoT devices and the data they transmit are all too often overlooked when it comes to enterprise security architectures.
And that can have costly repercussions.
Risks are rising.
Verizon’s Mobile Security Index 2020 took a special look at IoT by identifying a subset of respondents who were responsible for buying, managing and securing IoT devices and giving them a customized question set.
It found that the challenges seen in mobile were mirrored in the IoT environment. Thirty-one percent of IoT respondents admitted to having suffered a compromise involving an IoT device. As with mobile compromises, cutting corners on security was partially to blame.
Two-fifths (41%) of respondents admitted to sacrificing IoT security to “get the job done,” and when individuals bypass best practices, there are consequences. When employees ignored IoT security guidelines, organizations were 1.7 times as likely to experience a compromise involving an IoT device.
Of all Mobile Security Index respondents who suffered a compromise, 66% called the impact “major,” and for many, recovery was difficult and costly. Fifty-nine percent suffered downtime, 56% lost data and 29% were hit with regulatory penalties.
If you think your organization is likely safe due to size or industry, think again. Security breaches impact businesses of all sizes and across all industries.
admitted to sacraficing IoT security to "get the job done."
suffered a compromise involving an IoT device.
Steps to better security
If you don’t currently have a robust IoT security plan in place, or are planning to incorporate IoT devices into your IT infrastructure, here are some important steps to follow:
1. Review device security before you buy. Ask for any security reports provided by the vendor. Review security claims to determine their validity, and research any noted potential vulnerabilities. Also consider all connected devices—even those that may seem ancillary to your daily operations. Case in point: Hackers once accessed a casino’s customer database via the smart thermometer in a fish tank
2. Harden all IoT devices. Experts recommend a multipronged approach to device security that includes securing vulnerabilities such as TCP/UDP ports, open password prompts, places to insert code and even radio connections. In addition, once devices are in use, change the passwords to complex passwords that are difficult to replicate and can reduce the risk of a breach
3. Stay up to date on security patches. Create a schedule for regularly updating security patches for IoT devices. Many vendors don’t create patchable devices from the start, which is why the aforementioned step of researching devices before you buy is critical
4. Restrict device access. Establish a list of who is allowed to access devices and for what reasons, and keep it as current—and as small—as possible. Also review which of your organization’s contractors or partners are allowed to access devices, and cull this list often to help reduce the risk of third-party breaches
5. Secure your networks. Take advantage of strong user authentication protocols, so only authorized users have access to your networks. Context-aware authentication is especially useful with IoT applications, providing an added element of security. Network-layer and transport-layer encryption are also best practices for decreasing risk
6. Encrypt user and application data. IoT devices are often transmitting private, personal data. Encrypting this information in transit and at rest should be a major priority. If not, your organization could face not only data loss and breaches, but penalties and reputation damage as well
IoT opens up a world of possibilities for your business—and for bad actors. Given the level of financial and brand damage that a security breach can bring, it’s critical to incorporate IoT devices—including mobile ones—into your overall security architecture. Otherwise, you stand to lose more than you gain from your IoT deployment.
Find out what threats you might be missing with our Mobile Security Assessment.