My first association with IoT was way back in 2016. We were then working on developing an IoT-based solution for monitoring blood banks. Security was on the table but it was not a big priority for many businesses back then as I found out from my interactions with many IoT experts. Many DDoS attacks and generations of IoT devices later, enterprises are still struggling to address IoT security concerns. Let us examine why IoT security continues to pose a huge challenge to enterprises and what needs to be done to address this.
What security challenges are IoT devices facing?
1. Expanding surface area
Users often represent the most important attack surface area as they could be the target for a phishing campaign, could inadvertently or voluntarily share credentials or other sensitive information, or could easily be tricked into taking actions that may lead to the deployment of malware. All these actions could not just compromise data and credentials but also cause attacks that could be costly and set back production schedules or other goals by days, months, or even years.
Every device added to the network also adds to the threat surface area. Misconfiguration of networks or devices could likewise open gaps in the security architecture.
2. The growing number of IoT devices
The number of IoT devices coming online continues to grow each month. Depending on which data source you subscribe to, this number can vary by the thousands. With new use cases being added every year, IoT has already made deep inroads into sectors such as agriculture, smart homes, transport, financial services, and manufacturing. The number of IoT vendors has also grown exponentially in the last few years. So has the number of IoT device manufacturers, both in countries where these devices were traditionally manufactured and through new manufacturing units in other countries.
With such a rise in the number of devices manufactured, one would have hoped security would receive more attention and generational security gaps would be addressed with the arrival of new and more efficient IoT devices. However, what we are seeing instead is the detection of new vulnerabilities at all levels in new devices along with generational vulnerabilities that have not been addressed. Such a scenario is creating new opportunities for hackers to exploit.
3. Rising sophisticated attacks
IoT devices and projects are attracting plenty of attention from APT groups now. The rising integration of IoT into critical infrastructure projects and the use of IoT in the financial services and other key sectors could be one of the reasons why APT groups are increasingly scanning IoT devices across verticals. According to Sectrio’s threat research team, IoT projects logged a 77 percent rise in cyberattacks in the month of April 2022.
This was the single biggest rise in attacks ever registered. The number of sophisticated attacks logged a 133 percent rise in the same month. Oil and gas and manufacturing were the most attacked sectors.
4. Regulatory/Compliance Standards
There are many standards that enterprises can adopt to improve their security. We have compiled them for you here. In addition, the OneM2M standard also enables IoT applications to discover and interface with IoT devices in various distributed environments based on a common service layer. It also prescribes many other avenues for improving IoT security.
Most of these standards are voluntary. Regulators often recommend voluntary adherence to them in order to mitigate risks, and this could be one of the reasons why many businesses across sectors do not adhere to them. Some of these standards, when adopted, could improve efficiencies and promote network and asset transparency, which translates into improved productivity and return on capital invested.
These are just some of the reasons why IoT security is still a challenge for enterprises. In order to address these aspects, businesses will have to scale up their overall security measures around.
Here are 7 measures to address critical IoT Security challenges:
- Embed security requirements in the procurement process to cover the whole supply chain
- Test security requirements at the proof-of-concept level for each project
- Give priority to vulnerability and patch management
- Conduct security audits frequently, and analyze risk exposure and the overall security posture to identify gaps and opportunities for improvement
- Publish IoT security goals as part of the overall operational security policy of the enterprise across locations
- Improve threat hunting with the right threat intelligence and mature practices
- Deploy a decoy and deception solution to deflect cyberattacks and study them