Gartner noted that in the last three years, about 20% of organizations have already seen a cyberattack on IoT devices in their network.
IoT Analytics forecasts that the global number of connected IoT devices will grow at 9% per year, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security.
Research and Markets predictions of the global IoT security market growing from US$3.86 billion in 2021 to US$5.09 billion in 2022.
While 64% of Kaspersky survey respondents, Pushing the limits: How to address specific cybersecurity needs and secure the IoTuse IoT solutions, as 43% do not protect them at all.
National Institute of Standards and Technology (NIST) paper, Recommended Cybersecurity Labeling Criteria for Internet of Consumer Things (IoT) Productsstates that in order to reduce IoT product risks, it is important to understand the vulnerabilities that have already been exploited in IoT products and ensure that consumer IoT product labeling systems consider these incidents in their way to help improve the cybersecurity of the IoT ecosystem.
Dr Dorit Dorthe chief product officer of Check Point Software Technologies, explains that there are many standards in IoT that leave misunderstandings and possible risks of exposure to threats from inside and outside the organization.
“Even the most expensive IoT device can be a prime point of attack. You have to understand the connection of the IoT device to the internal and external world. The fact that it combines these two things without having the right IoT to control it is a big proof of this,” he explained.
“People are using IoT to do massive attacks (massive DDoS attacks) by taking over IoTs in many places and doing denial of service or other world destruction. This is a very unfocused attack and a very widespread attack.”
More common than you think
Dr Dor warns that attacks from unsecured IoT are not always targeted at specific industries. He takes it back to understand that cybercriminals often look for less secure targets.
That doesn’t mean there are attacks that are targeted at specific industries or organizations.
“It is not a matter of structures. More than a common issue of IoT devices being distributed around is also the nature of preventing an organization’s security architecture. By making all these hidden links, the IoT itself can be used as a jumping off point for targets,” it warns.
Common misconceptions and challenges
Dr. Dor noted that one of the biggest misconceptions when it comes to IoT security is the perception among businesses that they don’t have IoT devices in the workplace. And if they do, another misconception is that these devices are not connected to the internal network (without their knowledge).
Another misconception, he added, is that businesses think they are secure when they are not.
“People don’t always have the right staff to do the necessary safety measures,” he said.
Advanced technology to the rescue?
Asked if there is any advanced technology that can help solve some of the challenges he presented, Dr. Dor is confident that tools are available to help in the process of understanding the challenges.
He cited the use of Artificial Intelligence (AI) as helping to map visible devices in a network of IoT devices and to map their behavior.
“But to do this, you need to have a lot of data on the same IoT devices out there,” he warned.
“So as an organization, you may not have enough data to protect your IoT devices. However, it is possible that you have enough data on the different uses and uses of this IoT device to help you approve or create policies for IoT device categories.”
Bringing greater security for IoT devices to the enterprise
Dr. Dor suggests reducing the access state of the IoT device to a limited or location-based approach. Another step is to understand what IoT does and see if it behaves like a legitimate IoT device.
He recommended organizations buy IoT devices with some built-in security and stability.
Click on the PodChat player and hear in detail Dr. Dor’s observations and recommendations for enterprise IoT security.
- What IoT cybersecurity threats do businesses face?
- How common are these threats?
- What are the common misconceptions and challenges faced today when businesses try to secure IoT devices?
- Can advanced technologies such as AI, machine learning and deep learning solve these problems?
- What are the roles of AI, machine learning and deep learning in IoT security?
- What are your recommendations for bringing greater security to business IT devices?