The enterprise is just about realizing how risky Internet of Things (IoT) devices are to their security postures. Whether it comes from unencrypted communication with devices, hard-coded passwords, vulnerability-ridden unmanaged devices, or insecure configurations, a huge flaw always seems to be lurking around the corner with regard to IoT deployments.
This is not to say or mean that IoT has been flawed or a big security threat to entities or enterprise involved but rather a cautious of its growing security risk.
It’s only natural for new-ish technology. IoT is following a common progression in security maturation that’s happened so many times in everything from Wi-Fi to Web apps.
However, as IoT progresses, a number of factors add a greater depth to the IoT problem. Some up the ante considerably by putting way more at risk — either in consequence or cost — when an IoT device is compromised.
Other factors expand the risk surface by exacerbating already extant vulnerabilities in the IoT ecosystem.
Either way, read on for some of the most common factors that raise the stakes for IoT and make the problem more acute within the enterprise.
The Drum Beat of Digital Transformation
The ubiquity of connectivity from IoT is a major pillar of digital transformation, for which enterprises are pouring billions of dollars in 2020 and beyond. In fact, IDC analysts are predicting $7.4 billion in spending over the next three years. Embedding IoT into industrial applications, into the supply chain via things like transport and product tracking, and into facilities through smart buildings, are at the spear tip of most early digital transformation investments.
This is going to create tons of new business opportunities, but at the same time embedding IoT into the most critical of physical infrastructure for business raises the stakes considerably for IoT security. This is not a new tech that can be turned on or off at will. It’s part of the fabric of factories, facilities, and supply chains that businesses can’t live without. What’s more, it’s tied to machinery that can cause serious injury or death in the event of malfunction or sabotage.
- Which console is right for you? Xbox Series X vs. PS5The Xbox Series X and PS5 from Microsoft and Sony, respectively, are due to arrive in 2020, almost 7 years … Read More
- PlayStation 5 will launch Nov. 12 at GHC2900Sony’s upcoming PlayStation 5 video game console will cost GHC3,000 and launch Nov. 12, the company said Wednesday, setting up … Read More
- Here are our 6 favourite iOS 14 features and how to make good use of themApple just released iOS 14 and it brings a ton of new features to your iPhone. We’ll show you some … Read More
- 5 most important security and privacy features of iOS 14 and iPadOS 14 you need to know aboutiOS 14 is out, and if you’re brave enough to install it you will be getting some new security and privacy features. … Read More
- Microsoft’s Bill Gates Lauds Ghana For Exemplary LeadershipAmerican business magnate and Co-founder of Microsoft, William Henry Gates, popularly known as Bill Gates, has, lauded Ghana for showing … Read More
Network Architectural Revolution
The architectural revolution of SD-WAN and 5G connectivity is meant to solve a lot of the performance issues wrapped up in the wide geographic distribution of IoT devices by directly connecting these devices to the Internet and sorting management out at the cloud application layer. While both SD-WAN and 5G introduce much-needed security in the form of encryption and the potential for better device management down the road, most enterprises are not yet architecturally equipped to centrally manage the security of such a vastly expanded edge.
Many organizations depend on backhauling traffic into the data center to give them the capability to inspect traffic from edge devices, which defeats the purpose of the SD-WAN and 5G revolution. This will cause considerable friction during what’s likely to be a long transition period for large organizations.
Short Half-Life of Consumer IoT Support
Many CISOs are already well-aware of the dangers that insecure consumer IoT devices pose to the enterprise. Whether it’s insecure smart home devices on remote workers’ home office networks or consumer-class IoT devices — such as smart TVs in conference rooms — making it onto corporate networks, these devices widen the risk surface on so many levels. The difficulty for those setting policy for consumer IoT devices is that the acceptability of approved devices can change drastically and rapidly.
That’s because of the relatively short half-life of vendor support for consumer IoT devices, many of which people traditionally hang onto for long periods of time. The backlash over speaker vendor Sonos’ recent announcement that it would be dropping support for many of its older popular speakers offers a glimpse into this dynamic.
Not only is the IoT market highly fragmented, but the underlying standards for devices, network protocols, data storage, and security move faster than the tenure of an enterprise SOC analyst. In the last half-decade we’ve seen the popularity for dozens of standards ebb and flow. According to a count last year, there are more than 90 different IoT standards across eight categories, developed by 26 organizations and alliances.
This makes it extremely difficult to set security policies and frameworks in the enterprise setting. Architects and policy makers simply cannot keep up with the dynamic situation.
Not only that, but when a really promising standard starts to arise, it inevitably starts to get poked and prodded by security researchers. They uncover cracks that can be improved — but only if organizations stick with it long enough to see those improvements bear fruit.
The recent alarm bells raised by IOActive researchers over LoRaWAN should offer a test case for this. This fast-growing protocol has some serious vulnerabilities in how keys are protected. The question is whether organizations will commit to LoRaWAN and its security long enough to heed researchers’ advice on the matter.
IoT and the Human Body
The healthcare industry is embracing IoT in a big way, drawn to the positive clinical results and increased profitability afforded by connected implants, health-tracking wearables, clinical diagnostic devices, and more. However, the second that a connected device is tied to a human body in any way whatsoever, the risk dimensions of IoT enter a completely different plane.
Even something as simple as a ransomware attack can become a life-threatening episode when IoT is paired with the human body. This is adding a much higher degree of responsibility, accountability, and due diligence from both vendors and health technologists as the connection between IoT and healthcare expands — more so than ever before in healthcare IT.
source/reference: Ericka Chickowski , darkreading.com