Cybersecurity no longer ‘one size fits all’ in an IoT world

 As more "things" become connected, the number of ways to attack them increases. Since cyber security is no longer one-size-fits-all, businesses need to take care of it

The Internet of Things is changing the way the world works and plays. From MedTech, logistics and transportation applications to smart home solutions, the Internet of Things is enabling a larger digital transformation that will produce massive amounts of data to be stored, analyzed and transmitted across an ever-expanding global network.

But as the world of IoT continues to expand, so do security threats. The billions of IoT devices in use have naturally created new vulnerabilities for companies. According to global management consultancy McKinsey, as more "things" become connected, the number of ways to attack them increases dramatically. A large pre-IoT enterprise network may have needed to account for as many as 500,000 endpoints vulnerable to attack, while the IoT may involve a network with millions or tens of millions of these endpoints.

IoT drives transformation, but vulnerabilities pose risks to businesses

The potential value of IoT is great and growing. By 2030, McKinsey estimates this could reach up to US$12.5 trillion globally. And according to Palo Alto Networks, the rapid growth in capabilities and adoption of IoT technology has fueled the transformation of business operations.

IoT devices are estimated to account for 30% of the total devices in enterprise networks today, with the rich data collected from these devices providing a wealth of valuable information that informs real-time decision-making and provides accurate predictive modeling. In addition, IoT is a key enabler of digital transformation in the enterprise, with the potential to increase workforce productivity, business efficiency and profitability, as well as the overall employee experience.

Despite the many benefits that IoT technologies enable, the connectedness of smart devices presents a significant challenge for businesses, especially in terms of serious security risks arising from unmonitored and unsecured devices connected to the network.

What's more, with the rise of hybrid work environments, security weaknesses in employees' home networks could pose risks to businesses. Last year, Infosec company Bitdefender found a number of security vulnerabilities in a particular brand of baby monitors, potentially allowing attackers to access camera feed or run malicious code on vulnerable devices.

And beyond the commercial impact, the risks of IoT-related service disruptions extend to critical infrastructure in our communities.

"Imagine the consequences of an attack on the connecting infrastructure of a subway line, a compromise of a wireless pacemaker, or a shutdown of the power grid," states Fortinet's white paper. As the report explains, security professionals must be prepared to define solution requirements thoughtfully to protect against these new threats.

The work-from-anywhere era has blurred the lines between home and work networks,” explains Sunil Ravi, Chief Security Architect at Versa Networks. “Once malware penetrates a home network, it can move laterally to the homeowner's work network and cause significant damage to the organization. As IoT devices are perfect targets for malware, vendors need to ensure their products have effective security.”

Connected devices may be vulnerable to tampering

As Palo Alto Networks explains, without robust security, any connected IoT device is vulnerable to intrusion, compromise, and control by a bad actor who can ultimately infiltrate, steal user data, and destroy systems.

With the large volumes of different IoT devices that continue to connect to the network, the attack surface is dramatically expanded in parallel. As a result, the overall security posture of the network is reduced in terms of the level of integrity and protection offered to the least secure device.

In addition to these challenges, 98% of all IoT device traffic is unencrypted, posing a serious risk to personal and confidential data.

Almost half of respondents to a Capgemini study identified the incorporation of technologies such as IoT as one of the top issues exposing their organization to disruption. Ineffective delegation of cybersecurity responsibilities is also a major vulnerability, a problem that makes it difficult to identify malicious activity early on.

As Tom Canning, vice president of global IoT and device sales at Canonical, explains, “Enterprises need to take a long, hard look at where their security burden lies and seriously consider how they trust IoT applications to support and manage their networks. That way, managers can be confident that they are future-ready with technology that can automatically fix any security issues.

"In the smart era of Industry 4.0, it is no longer a universal solution. Device hardware is not static, and manufacturers must realize that the future lies not in this form of vulnerable hardware, but in software-defined capabilities.

As attacks continue to accelerate, more measures are needed to protect and secure the manufacturing industry for the future. It will take investment and real commitment to change the way the industry thinks about security in relation to smart infrastructure. The billions of existing IoT devices weren't deployed overnight, and the security issues they inherit won't be fixed overnight either.”

SASE strikes a perfect balance

Defined by Gartner in the 2019 Networking Hype Cycle and Market Trends report, Secure Access Service Edge (SASE) represents a new architecture in which networking and security functions are combined into a cloud-based service. As IoT and internet traffic continue to rise, SASE enables enterprises to simplify network integration, security and policy management of distributed devices with a centrally managed platform.

"While at first glance, security and network performance may appear to be at completely opposite ends of the spectrum, SASE has proven to be able to strike the perfect balance between the two," explains Apurva Mehta, CTO and co-founder of Versa Networks. .

“SASE enables tighter integration between network performance and security. This means that IoT devices can be secure while maintaining high performance. In addition, through SASE, organizations can ensure that all endpoints in IoT networks receive the same amount of security coverage and management capabilities, giving security teams complete visibility across their entire network.

SASE not only provides organizations with visibility across all endpoints in IoT networks, it also segments the network. In this way, organizations can limit the movement of malware in IoT networks, which means that an organization's cyber risk is dramatically reduced. Additionally, when suspicious activity is spotted