In the past few years, the topic of Internet of Things security has become a theoretical-sounding threat to a central concern for most businesses and government organizations. The majority of cybersecurity professionals anticipate that their organizations will be hit with IoT-based attacks in the next few years. It’s no wonder that Gartner expects IoT security spending to exceed $1.5 billion by next year.
While IoT is vital in many organizations’ quest to adapt their business to the needs of the twenty-first century, organizations deploying the technology while giving short shrift to security can invite catastrophe. Consider, for instance, the potential of hackers with the ability to control the power grid, industrial facilities and even medical devices. All three of those scenarios are possible now, making cybersecurity a safety as well as a security risk.
Awareness is increasing, but few organizations are IoT security savvy
Fortunately, a growing number of organizations are taking steps to address the IoT security problem. IoT World’s recent study, What’s Keeping IoT Executives up at Night in 2018, surveyed over 100 IoT executives and found that 72% of respondents have ensured that they have IoT security measures in place.
But the Internet of Things can create a range of threat vectors, making security by design paramount. Although some security features such as SSL certificates can be incorporated after the device is created, the concept of embedded system security must be a priority from the beginning. When possible, organizations with IoT projects can deploy industry-leading security practices like bank-level (128-bit AES) encryption of all transmitted data and firmware signing for all updates.
While professionals launching IoT deployments are making progress when it comes to cybersecurity, there is still room for improvement. A total of 61 percent of IoT executives are either developing an IoT security policy or currently enforcing one. Fewer than two-thirds of respondents remain up-to-date on security fixes and patches.
Another challenge is procuring sufficient budgets to secure IoT deployments. According to Gartner, a quarter of enterprise data hacks will involve IoT, but only 10% of IT security budgets will be allocated to IoT.
Mind the IoT cybersecurity gap
Responsibility to develop these defenses often falls on the shoulders of a business’ IT department and not all teams are currently prepared to step up to the task. Fifty-seven percent of organizations aren’t training their IT teams on the latest IoT security practices. Meanwhile, the topic of operational technology (OT) security is a growing concern for many organizations — especially in the industrial realm who are struggling to find professionals who can help them secure critical infrastructure and industrial facilities from cybercriminals.
Another danger sign is that a minority, 43% of respondents, are not conducting vulnerability testing. Less than half are keeping an inventory of connected devices. Organizations that don’t know what their cyber weaknesses are or even if there is are rogue or unsecured IoT devices in the workplace make themselves potentially easy targets for hackers.
While IoT offers transformative power to organizations who can leverage the technology for everything from driving efficiency gains to launching new business models, the truly transformative power of IoT can only be realized if when security — across the entire ecosystem — is a priority. While many organizations have taken initial steps on the cyber journey, it’s important that they continue to make progress in order to unleash IoT’s full potential.