Today is IoT Day! On this day, we celebrate the power and potential of Internet of Things (IoT) devices to revolutionize our business processes. Research giant Gartner predicts IoT devices shall number over 20 billion globally by next year.
However, IoT devices come with severe endpoint security risks enterprises must address before connecting to them to their IT environments. While we should enjoy the capabilities lent to our businesses through the IoT, we should use IoT day as an opportunity to assess our security postures.
Therefore, we consulted with cybersecurity experts on why securing IoT devices matters to enterprises’ IT environment.
Why Securing IoT Devices Matters
Famously, IoT devices overall lack any kind of inherent endpoint security. Most manufacturers don’t prioritize securing IoT devices in any way; as a rule, they emphasize fast production and quality services.
Moreover, those manufacturers who do prioritize securing IoT devices often upload poor endpoint protections. In some cases, the manufacturers leave security vulnerabilities such as their (easily crackable or guessed) administrator credentials. In other cases, the endpoint security embedded in the IoT creates integration issues with other cybersecurity solutions.
Finally, even if embedded IoT endpoint security doesn’t run into these issues, they come with updating and patching issues. Securing IoT devices, just like securing other endpoints, relies on properly patching your cybersecurity, keeping it up-to-date. Without these updates, your endpoint security might lack the necessary threat intelligence to combat evolving cyber attacks.
However, IoT device manufacturer often make patching or upgrading their cybersecurity firmware challenging and frustrating. Additionally, manufacturers often fail to communicate their upgrades to their customers, leaving them in the dark.
Cybersecurity Experts on Securing IoT Devices
We could go into more detail on the importance of securing IoT devices with next-gen endpoint security. However, we thought we would use the occasion of IoT Day to consult with some cybersecurity experts on the matter. Below, we give their statements, with a few slight edits for readability.
Pramod Borkar, Technical Marketing Leader, Exabeam:
“The challenge of securing IoT is complex and extensive due to the fact that IoT devices are deployed over a wide attack surface and contain numerous threat vectors, such as authentication and authorization, software, device threats, network threats, and OS level vulnerabilities. In addition, despite the initiative in developing and deploying innovative IoT use cases, a general lack of standards remains. Organizations often aren’t implementing needed security governance, policies, and compliance. Compounding the problem, many IoT devices aren’t part of a rigorous patch or upgrade routine, leaving them open to security vulnerabilities.”
“The most important step in securing IoT devices is to view them as assets or entities that are open to attacks in multiple ways. It’s essential to understand IoT device baseline behavior to be able to identify deviations from established patterns. This enables you to pinpoint rogue activities, such as insider threats for obtaining compromised credentials, accessing sensitive data, and lateral movement within the network.”
Bryan Becker, DAST Product Manager, WhiteHat Security:
“Devices such as security systems, smart watches, and appliances have definitely made our lives and work easier. However, they do not come without a cost. IoT devices create a wealth of opportunities to compromise a network (be it at home or in the office), and can be used as a foothold for more serious attacks.”
“According to an IDC global survey, 56 percent of enterprises plan to incorporate IoT in the next two to three years. Security professionals must adopt a solid IoT security strategy with practices such as educating themselves on potential vulnerabilities, investigating security technologies that can help fortify products against outside threats and ensuring security is purpose-built into every aspect of the ecosystem that is running their IoT product, service or device.”
Todd Kelly, Chief Security Officer, Cradlepoint:
“Cybersecurity concerns are real when it comes to IoT but by using expert cloud-based management platforms and software-defined perimeter technologies, they can be effectively addressed.”
“On IoT Day and every day, it’s important to remember there will always be IoT devices compromised and vulnerabilities exposed. But just as we’ve built these technologies, we’ve also built the safety constructs to protect them. If we commit to tried and true security practices while adopting new approaches that leverage wireless, software-defined and cloud technologies we don’t have to let our concerns unduly impact our progress.”
Brett Cheloff, Vice President, ConnectWise Automate, ConnectWise:
“Per a report from the Ponemon Institute, IBM, and Arxan, a staggering 80% of IoT applications and 71% of mobile applications are not tested for vulnerabilities, raising more concerns for data security.”
“As the industry changes to meet the needs of a new tech generation, security will continue to evolve, and industry leaders will be closely monitoring the changes. With security built right into new solutions, managed service providers should [look] to their own tools to sync, support, and secure.”
Cliff Duffey, President and Founder of Cybera:
“The myriad of end user devices, IoT, workforce mobility and multi-cloud technologies that define and advance digital transformation has an unfortunate downside of increasing complexity at the network edge, as well as the probability of data exposure and potential attack vectors to remote businesses.”
“It is especially troublesome for business operators at the network edge, who may lack technical expertise, yet are susceptible to many cyber threats and security risks that IoT can introduce. Often, these remote site operators view technology changes as more foe than friend because of how far-removed they are from [central decision makers].”
Thank you to these cybersecurity experts for their time and expertise. To learn more about securing IoT devices on your IT environment, check out our free 2019 Buyer’s Guide. We compile information on the top vendors, including their key capabilities and our Bottom Line for each. Endpoint security can help your enterprise secure its IoT devices. SImple as that.
Securing IoT devices must become a top cybersecurity priority for your enterprise. Otherwise, hackers will continue to exploit them as vulnerabilities, footholds, and threat dwelling spaces. Now’s the time to strengthen your IoT before a cyber attack occurs. Happy IoT Day!
Latest posts by Ben Canner (see all)
- Endpoint Protection Capabilities You Need for the Cloud - April 18, 2019
- Endpoint Monitoring, EDR, and Endpoint Security: What Do You Need? - April 17, 2019
- Opinion: Can Your Cybersecurity Be a Competitive Advantage? - April 12, 2019