According to a recent research, there will be approximately 55 billion IoT devices by 2025. This will be a significant leap from just 9 billion smart devices in 2017 (adding up to a total collective investment of $15 trillion).
While IoT can help us become more productive, efficient, and save money, having these smart devices in our homes, cars, and workplaces can also leave us vulnerable to a serious breach. In fact, Gartner predicts that 25% of all cybersecurity breaches will involve IoT devices by 2020.
While the adoption of IoT devices goes through a period of acceleration across industries, they’re still virtually unprotected. They don’t run on standard operating systems, don’t have enough memory, and are unable to run common security tools.
A lot of devices are also unable to apply firmware updates. As a result, even if vulnerabilities are identified at a later date, there won’t be any way to patch it. On rare occasions when its possible to patch vulnerabilities, security teams can also find it difficult to keep up with these patches.
All of this will continue to make IoT devices an extremely attractive target for bad actors. Looking at the bigger picture, the industries that will be most vulnerable to attacks are healthcare and manufacturing. However, even the smart thermostat or smart refrigerator in your home can also be vulnerable to a potential attack.
IoT Vulnerabilities in Healthcare
In healthcare, there’s already a threat called medical device hijack (MEDJACK) that’s on the rise. It’s achieved by developing custom software tools that identify and compromise IoT medical devices on the network.
As in-house IT teams can’t install endpoint security software on these FDA approved devices, they’re essentially left open for bad actors to install a backdoor to gain access to the network (which is often impossible to identify by hospital security teams).
The consequence of such a breach can be extended from identity theft to stealing narcotic prescriptions to ransomware attacks that can bring the whole sector down to its knees.
IoT Vulnerabilities in Manufacturing
The manufacturing industry was the first to adopt IoT and it hasn’t slowed down. Within this industry, IoT enables efficient process control by leveraging a wide variety of IoT devices.
This means that the assembly lines are also highly dependent on feedback data of specific measurements. As a result, a small breach in the system can end up breaking the bank.
So How Do You Secure IoT Devices?
It’s safe to say that IoT security is more or less like a moving target and there’s no silver bullet that can easily resolve potential vulnerabilities. Going forward, IoT security will demand a collective effort from all stakeholders across industries to improve security and resilience.
For now, IT and business leaders need to pause and ensure that their purchase decisions have security at the forefront. There are also some simple steps that can be taken to keep your smart devices secure. Let’s take a look.
1. Focus on Resilience
Some manufacturers are better than others when it comes to security. This makes it important for decision-makers to do their homework and only purchase IoT devices that are as resilient as possible to a breach.
If these types of devices are hard to find, then the focus must shift to smart devices that can be brought back online quickly. It’s also a good idea to develop mandatory risk management procedures for critical infrastructure to be better prepared for the worst-case scenario.
2. Manage Your Network in Real-Time
IoT vulnerabilities only pose a threat because they’re connected to the same (critical) enterprise network. So it’ll be vital for IT leaders to take a hands-on approach to managing internal networks.
This means continuously practicing prudence when allowing smart devices on to the network. Security teams also need to be aware of what IoT devices are on the network and what they’re designed to do (at any given moment).
Only smart devices that are deemed necessary should be connected to the network. IoT devices that don’t place a critical role within the organization can be placed on a separate network.
3. Change Default Passwords
Most IoT devices have default manufacturer passwords and these should be changed before adding them on to the network. While it might feel cumbersome to create individual usernames and passwords for multiple IoT devices, not doing so will make it extremely easy to hack into your network.
The data generated by these smart devices also need to be encrypted to ensure security. Whenever you can’t guarantee it, the best approach is to install an encryption tool or place files in secured ZIP files.
IoT security will continue to be a major concern going forward, but the wheels are already in motion to help secure the future of smart devices. According to Gartner, global spending on IoT security will reach $1.5 billion this year to protect against a wide range of security threats.
It’s interesting to note that this figure represents a whopping 28% increase from the $1.2 spent last year. You can expect that number to keep rising in the years to come and it reflects the fact that we’re all now aware of the risks of living in a highly connected world. In fact, Gartner predicts IoT security spending to easily go over $3.1 billion by 2021.