A new report from MEF takes a detailed look at the challenges surrounding IoT security, and serves as an IoT primer for enterprises to help mitigate the risks involved. MEF Advisor for IoT Andrew Parkin-White here shares an overview.
Enterprise IoT continues to grow at an impressive rate as organisations recognise the benefits of the control at a distance that IoT offers. The figures speak for themselves – Transforma Insights is forecasting 27.8Bn IoT devices by 2030, up from 9.4Bn at the end of 2020.
This growth does not come without challenges, with cyber attacks on enterprises increasing in frequency and severity. IoT deployments represent an area of cyber risk for the enterprise, and yet enterprises feel extremely vulnerable around the issue of IoT security.
A recent survey of 450 global enterprises undertaken by MEF reveals that 80% of respondents view security as crucial to establishing an effective and robust IoT, including devices, network and applications, yet only 20% of enterprises feel capable of delivering a secure IoT environment.
It is imperative that enterprises address the challenges of IoT security – not only in keeping corporate networks secure but also in defending against harmful extortion and ransom attacks. Cyber breaches can have a devastating impact on the enterprise, leading to loss of reputation and income. Clearly, enterprises need to rise to these IoT security challenges rapidly and effectively.
It is encouraging that help is available to the enterprise – organisations including GSMA, Cloud Security Alliance and IoT Security Foundation provide excellent advice and frameworks for compliance. Furthermore, security tools are offered including security best practices, encryption, zero-trust and trusted sources.
IoT secure-by-design must be the goal of the enterprise and not an expensive add-on at a later date. IoT security needs to be all-encompassing, spanning the vulnerabilities in devices, networks, application software and the interconnects between them.
Enterprises need to get serious about IoT security and ensure that responsibility for IoT security sits in the C-suite of the organisation to ensure an optimum approach throughout the design, build and operate phases of an IoT project. Enterprises should recognise that they may lack the skills necessary in IoT security and need to invest in enhancing skills within the organisation or turn to trusted third parties who can support them. Choosing the right partner is critically important.
Enterprises should recognise that IoT devices represent the most vulnerable part of their networks – these devices can be in employees’ homes or be legacy endpoints. They should use the tools available to mitigate the risks. Paying attention to hardening activities – managing passwords and privileges – is important. All too often devices are shipped with default passwords that may not be changed.
An enterprise should maintain clear visibility in the identification and access management of the device to the network. In this respect, shadow devices – those connected without the IT department’s knowledge – require careful management, especially as the trend towards bring your own device continues apace.
Threats need to be constantly monitored, assessed and handled. An enterprise needs to maintain a dialogue with external organisations to mitigate these threats. Enterprises can be slow to divulge when they have been hacked, and should not try to bury the fact. Often once a breach has happened, the damage is already done.
Enterprises need to have a plan for when, and not if, a cyber attack happens. Preparation is key, and enacting the plan when the attack arrives is critical so that damage can be kept to a minimum and recovery is rapid.
MEF’s report on Addressing the Challenges of Enterprise IoT Security takes an in-depth look at the challenges of IoT security and recommends the steps that an enterprise should take to deal with a wide range of risks.
There has been massive growth in IoT in recent years; a recent forecast by Transforma Insights estimated 27.8Bn IoT devices will be online by 2030. At the same time, the number and seriousness of cyber attacks upon individuals, countries and commercial entities are increasing too.
Available as a free download – this paper introduces enterprises to the key challenges and responses facing those who are implementing an IoT and serves as an IoT security primer.