Since its emergence, IoT has become a go-to platform for enterprises to increase their efficiencies and make their organizations more connected. However, this connection can come at the risk of security breaches.
Connected devices are being heavily integrated into human society due to their immense benefits. From smart toys for children to connected cars, from implanted monitors to connected kitchen’ kits, they are heavily influencing an individual’s life. But, the connectedness of these smart devices is worrying enterprises.
The IoT devices have frequently been connecting to enterprise networks, making it easy for hackers to exploit the network for malicious reasons. A recent study by Palo Alto networks states that in the UK alone, around 43% of wearable medical devices are the most likely vulnerable devices that are giving IT leaders a security headache.
“With the influx of IoT, including the supply chain sub-dependencies that they add, organizations should not assume they are adequately secured. There is a lack of standardization in security controls and the value of IoT devices varies so wildly between a few to millions of pounds. So, we can’t expect the same investment in security controls when the IoT asset value varies so greatly “, says Grey Day, VP and chief security officer, Palo Alto Networks.
The same study also found that around 43% of UK businesses have not segmented the IoT devices on separate networks or not taking the seriousness of IoT security into account. According to the report, nearly 25% of organizations with a workforce of at least 1000 employees have not segmented IoT devices onto separate networks.
“Visibility really is key to both realizing the business opportunity and understanding the risks of IoT. This is because most devices use proprietary methods, which are increasingly encrypted. If you cannot tell what a thing is or what normal looks like, how can you define what it should be able to access and why? More critically, how do you spot a change, that could be good, new capabilities or bad with the device being used as a gateway for the attack,” comments Grey Day.
The variation in the IoT devices with regards to functionality can put a lot of strain on the security teams. Therefore, having IoT strategies to deal with diversity can help identify vulnerabilities in the infrastructure’s security.
“The research shows there’s more we need to do to close the gap in IoT security strategy, especially as technology teams deal with the proliferation of such a diversity of connected devices at a dizzying pace,” comments Grey.
Though IoT devices can open gateways for infinite opportunities for businesses, not emphasizing on its security can result in huge loss. Hence, businesses need to take into account the risks and strategies related to IoT devices. Differentiating what devices can help improve the business’s safety and which ones have the potential for the security breaches.
“IT and security teams need to embrace the visibility of IoTs and then segment both their critical digital business assets and align IoT things only to the business processes required. In other words, micro-segmentation,” adds Grey Day.