A new study from Kaspersky found that businesses’ biggest challenge when deploying IoT devices is making sure the solutions are fully secure.
New research from Kaspersky indicates that 43% of businesses don’t protect their full IoT business suite, leaving them vulnerable to cybersecurity breaches and data compromises. The global number of IoT devices is expected to grow nine percent over the next three years, bringing the total to 27 billion IoT connections. As botnet DDoS attacks on IoT devices continue to balloon in both volume and scale, it is more important than ever to make sure an organization’s full IoT suite is secured and prepared for potential cyberattacks.
“IoT brings fantastic opportunities not just to businesses but to all of us, enabling comfortable living, transport, faster delivery and communications,” said Andrey Suvorov, CEO at Adaptive Production Technology, Kaspersky’s subsidiary IIoT company. “IoT is widely used in smart cities (62%), retail (62%) and industry (60%). These include projects such as energy and water management, smart lighting, alarm systems, video surveillance and many more. Experts around the world are working on the task of effective protection for such projects but efforts should be made at every level–from equipment manufacturers and software developers to service providers and companies that implement and use these solutions.”
IoT’s growing pains
According to Kaspersky’s findings, 64% of businesses have begun using or already use IoT solutions, but 43% do not have them fully secured, opening the possibility of a cyberattack. This is speculated to be due to the large number of IoT solutions that are incompatible with existing security measures. Of the businesses surveyed, 46% said they fear that security products could interfere with the efficiency of these devices, or that it may be too difficult to find a working solution to the security problem. Additional concerns faced by organizations included the high cost of implementation, being unable to justify the investment to executives and a lack of specific IoT knowledge among security experts.
In addition, over half of enterprises are apprehensive about collecting big data from IoT devices due to the potential exposure to cyber-sabotage and espionage. Despite these challenges, if an IoT solution is to be implemented or deployed, it is imperative that the devices are secured, or businesses could find themselves scrambling to prevent an attack they are unequipped to face.
“Cybersecurity must be front and center for IoT,” said Stephen Mellor, Chief Technology Officer at Industry IoT Consortium. “Managing risk is a major concern as life, limb and the environment are at stake. An IT error can be embarrassing and expensive; an IoT error can be fatal. But cybersecurity is only one part of making a system trustworthy. We also need physical security, privacy, resilience, reliability and safety. And these need to be reconciled: what can make a building secure, locked doors for example, could make it unsafe if you cannot get out quickly.”
Solutions to IoT security issues
To assist businesses with securing their various IoT devices, Kaspersky suggests the five following approaches:
- Assess the status of a device’s security before implementing it
- Use a strict access policy, network segmentation and a zero-trust model
- Adopt a vulnerability management program to regularly receive the most relevant data
- Check the IoT Security Maturity Model
- Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data
By utilizing these five tips and creating several buffers of security, organizations can more effectively protect their IoT solutions, thus mitigating the growing amount of risk associated with employing the devices themselves. Zero-trust policies may be the biggest key in keeping these solutions secure, by assuming everything can be a potential threat until it is thoroughly vetted.
An IoT-specific approach suggested by Kaspersky is ‘cyber immunity,’ defined as an IoT device being linked through automated devices without any additional security functions. By adopting a cyber immune approach, IoT devices can withstand potential cyberattacks through the use of microkernel architecture, which makes it easier to check for irregularities and reduces system complexity and the potential attack surface. This creates a simplified solution in which devices can be secured without a significant amount of time and resources dedicated to guarding IoT equipment, while also giving businesses peace of mind when employing this technology.