A proactive approach to elevate IoT security
Growth of IoT
Global IoT market to touch $1.1 trillion by 2025
Over the last few years, we have witnessed a prolific adoption of Internet of things (IoT) technologies across industries. We now live in a more agile, smarter, and connected world. The IoT revolution is just unfolding—in the near future, we are likely to see unprecedented growth in the adoption of IoT devices and solutions with the advent of 5G networks. These networks will eradicate the digital divide by providing high-bandwidth Internet access even in remote areas.
A popular market research company predicts that the global IoT security market will grow from $14.9 billion in 2021 to $40.3 billion by 2026.
The key challenge
IoT security is fast emerging as a top business priority
Beyond doubt, IoT devices drive business value. However, they also present a vast attack surface due to their internet-supported connectivity. According to this research, 57% of IoT devices are vulnerable to medium to high-severity attacks. While 41% of respondents felt the approach to IoT security needed much improvement, 17% said a complete overhaul was necessary.
There is a need to secure IoT devices to reduce cyber risk for organizations. Therefore, a security framework for enterprise IoT solutions, including IoT risk management aligned with the organization's cyber risk strategy, is necessary.
Six things you should not ignore while picking your IoT vendor
Assess if the vendor ensures compliance of their device to applicable security and statutory privacy regulations.
Ensure vendors have comprehensive and transparent policies and standards for the security and privacy of IoT solutions, encompassing hardware, firmware, communication, data storage, application, platform, data retention, and business continuity.
Determine the IoT vendor’s ability to notify and respond to hardware, firmware, or application security vulnerabilities.
Find out if the vendor uses third-party libraries or open source components. Ensure the vendor has adequate insight into the device’s security during firmware updates if there’s no software bill of materials (SBOM).
Ensure availability of solutions from the vendor for security management of IoT devices through the deployment of security fixes or patches locally or remotely over the air (OTA) and monitoring of devices for security threats.
Ensure the vendor provides security assurance for IoT devices, gateways, applications, and platforms through vulnerability assessment and penetration testing.
Avoid these pitfalls when deploying IoT solutions.
First, do not assume that IoT hardware running custom firmware or lightweight services is immune to attacks or breaches just because it has not been exploited yet. There have been instances where IoT devices were exploited because there were no proactive measures to detect and fix vulnerabilities. A recent instance is the discovery of the Access:7 vulnerabilities, potentially affecting over 150 devices, including several medical imaging and laboratory devices, among others, from more than 100 vendors.
Secondly, do not rely solely on generic vulnerability scanners meant for IT systems to detect vulnerabilities in IoT devices. Instead, follow a testing methodology tailored for IoT devices and use specialized tools to strengthen IoT security.
The way forward
Take a proactive approach to boost IoT security.
The threats to IoT systems are on the rise. Therefore, it becomes imperative to introduce appropriate security controls consistent with the intended use, perceived threat, and impact on the business, user, or environment if the devices are compromised.
In February 2019, the European Telecommunications Standards Institute released the first globally applicable standard for consumer IoT security. In the US, one such measure is the Internet of Things Cybersecurity Improvement Act of 2020, which directs the National Institute of Standards and Technology to create minimum cybersecurity standards for IoT assets controlled or owned by the United States government. With stakeholders implementing and self-enforcing such regulatory standards, organizations across industries can deploy secure IoT solutions and ensure seamless connectivity for a better future.
The IoT value chain is intricate, with high interdependence between all stakeholders. Every link in the chain, including the end user, IT team, IoT vendors, and organizational stakeholders, is responsible for ensuring IoT security.