According to market watcher Gartner, there will be nearly 26 billion devices on the Internet of Things by 2020. It is also predicted that over 25 percent of identified attacks in enterprises will involve IoT.
More and more organisations are jumping into the world of Internet of Things, making use of and creating various connected devices for everything from autonomous vehicles to sensors on machine plant and machine to machine monitoring across smart city transport, telecom and energy systems. However, many of these businesses remain unaware of the potential privacy and security risks that arise from IoT devices.
The endless variety of IoT applications poses an equally wide variety of security challenges. The advice is that security should be implemented from the operating system level.
A statement from WindRiver, which supplies embedded software for intelligent connected systems said: “The same intelligence that enables devices to perform their tasks, must also enable them to recognise and counteract threats.”
Some embedded devices have been targeted and compromised over the last 15 years, since before the rise of IoT. However, what has been specifically identified from the manufacturing of the various devices is that either little thought is given to security and for the few that have- the security remains in-effective.
The continuous hype surrounding Internet of Things highlights that it is something that is and will continue to be an integral part of business and society, the worrying factor is that many businesses are failing to adapt their cyber strategies.
This leads to the recent news of the European Commission’s plan to set up rules to force businesses to apply to secure IoT.
The issue is in part based on the belief that connected devices should be protected through the network or may not even need to be secured.
In an interview with CBR, Roland Dobbins, Principal engineer at Arbor Networks said: “Embedded devices are somewhat abandoned as we do not interact with them all the time, but there needs to be the same security implemented as you would on a smartphone.”
Also, the lack of awareness of the need for network security alone exposes the device, sensor or embedded system to risk in itself. As IoT evolves, organisations will need to bolster network security and recognise its importance.
Ross Brewer, VP and MD EMEA at LogRhythm said: “A ‘smart’ kettle in the office kitchen may sound harmless, but if it’s connected to the network then it could quite easily become a target for hackers attempting to gain access to corporate information.”
Therefore, security intelligence is needed. While systems such as firewalls and anti-virus software are important, today’s threat landscape combined with the challenge of managing the growing number of data means it is increasingly important that businesses have tools in place that reduce the time it takes to detect and respond to threats.
In a statement Cisco advised: “Security executives should proceed by building a more integrated and scalable enterprise-class network security architecture in the short term. It’s not enough to just add more security components to the network; it will be essential to truly converge the various components so that they work together.”
From a survey commissioned by ForeScout, in June 2016, of 350 organisations, a total of 85% of respondents said they are not confident that they know all the devices on their network.
Jan Hof, International Marketing Director at ForeScout said: “This lack of visibility is probably the most concerning finding of the survey. Companies need to know what is connected to their network, as you cannot protect what you can’t see.”
Another main finding from ForeScout’s survey, is that only 44% of respondents confirmed they had a known security policy for Internet of Things. This identifies that the remaining respondents, who responded ‘I don’t know’ and ‘No’ may not have a security policy implemented to their devices at all.
For the few that confirmed to having implemented security policies, many methods included password protection and Wi-Fi keys- both of which can be easily hacked.
Therefore, organisations should aim to change how they secure their networks finding a solution to secure Internet of Things.
In the 2016 Dell Security Annual Threat Report companies were identified as already being the target for an ever-growing number of cyber-attacks, with 2.17 trillion IPS attacks and 8.19m malware attacks in 2015 alone.
Florian Malecki, International product marketing director for Dell Security said: “If companies are going to enjoy the benefits of today’s potentially insecure IoT devices, they’ll have to put end-to-end security programs in place.”
With a number of ways available for organisations to secure their IoT investments, Dell has put together a list of five potential security risk preventions such as:
- Approach security holistically
- Research your devices
- Audit the network
- Segregate traffic
- Educate your team
Malecki added: “Eventually we’ll begin to see manufacturers incorporate more security settings directly into their IoT devices, but right now, the onus is on both the consumer and the company to protect against cyber-attacks.”
Organisations need not to wait until there are 30 billion connected devices in the world to attempt to make secure the IOT. The time to think security is now.