April 28, 2020

Explosion of unmanaged IoT devices and enterprise security pitfalls

Feb 20, 2020
Senthil Babu
Senior Director, IoT and Data Science Practice Head
Smartsoft International Inc.
5050 Research Ct, STE 100, Suwanee GA 30024

Opinion | The laws governing cyberspace have got a lot scarier

IoT solutions that combine data gathering, tracking, and analysis promise to revolutionize manufacturing, industrial maintenance, supply chain management, logistics, retail, agriculture, urban administration, infrastructure management, surveillance, consumer market and many other sectors. The benefits of IoT solutions are undeniable, and yet recent high-profile attacks combined with uncertainty about IoT security best practices and their associated costs have left many businesses high and dry when it comes to the trust placed in the technology.  It is important to build the ‘trust’ in connected devices through robust digital security designs that are baked at all points in the ecosystem, not just the devices, to prevent vulnerabilities as a whole.

Unprecedented Rise of IoT

It is estimated that over a million new IoT devices are connected to the Internet daily, and these numbers are accelerating at an unprecedented rate. According to Cisco, as many as 50 billion Internet-enabled IoT devices are expected to be connected by the year 2020. Although IoT opens the door to unprecedented connectivity, it also brings with it a slew of new security risks. Recent estimates put enterprise IoT devices at roughly 30% of all network-connected endpoints; this begs for all the more reason to secure all these new devices.  Each of these network-connected points includes sensors that collect data, interact with the environment, and communicate over a network contributing to massive explosion of data. These smart, connected devices generate data that IoT applications use to aggregate, analyze, and deliver insight, which helps drive more informed decisions and actions. This value generated by IoT became a critical part of digital transformation business strategy for business.

Growth in the Internet of Things

Source: Cisco

Why Security concerns are neglected?

The rapid rise of IoT combined with the rush to get the next big thing to market and greed to quick profits in an immature but competitive market made the IoT a security victim. Manufactures and Vendors are not considering the security issues associated with data access and management as well as IoT device security resulting in product plagued with security holes. The general security posture of the IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attach techniques that IT teams have long forgotten. Majority of the IoT device traffic is unencrypted exposing personal and confidential data on network. Roughly 57% of Iot devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Because of the generally low patch level of IoT assets, the most frequent attacks are exploits via long-known vulnerabilities and password attacks using default device passwords.

High-profile, IoT-focused cyberattacks are forcing industries to recognize and manage IoT’s risks to protect their core business operations. To know and manage risk proactively, an organization needs an effective IoT security strategy. Some of the steps to manage and reduce risk include:

  • Discover IoT devices on the network
  • Patch management strategy for network-connected devices
  • Segment IoT devices across VLANs
  • Enable Active Monitoring