43% of businesses don’t protect their full IoT suite – Technologist
IoT Analytics estimates that the global number of connected IoT devices will grow 9%, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security.
Gartner reports that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices in their network.
While 64% of respondents to the Kaspersky study, Pushing the limits: How to address specific cybersecurity demands and protect IoT, use IoT solutions, as many as 43% do not protect them completely.
This means that for some of their IoT projects – which may be anything from an EV charging station to connected medical equipment – businesses don’t use any protection tools. Kaspersky posits that this may be due to the great diversity of IoT devices and systems, which are not always compatible with security solutions.
Barriers to protecting IoT
The study noted that 64% of businesses fear that cybersecurity products can affect the performance of IoT while 40% fear it can be too hard to find a suitable solution. Other common issues businesses face when implementing cybersecurity tools are high costs (40%), being unable to justify the investment to the board (36%) and lack of staff or specific IoT security expertise (35%).
Barriers to implementing IoT
The study also noted that 57% of surveyed organisations see cybersecurity risks as the main barrier to implementing IoT. This can occur when companies struggle to address cyber risks at the design stage and then must carefully weigh up all pros and cons before implementation.
Stephen Mellor, chief technology officer at Industry IoT Consortium, insists that cybersecurity must be front and centre for IoT. He posits that managing risk is a major concern as life, limb and the environment are at stake.
He warns that an IT error can be embarrassing and expensive; an IoT error can be fatal. But cybersecurity is only one part of making a system trustworthy.
“We also need physical security, privacy, resilience, reliability and safety. And these need to be reconciled: what can make a building secure (locked doors, for example) could make it unsafe if you cannot get out quickly,” he continued.
While IT projects such as messaging/communication, analytics, CRM, etc., have around 80% of common requirements, IoT deployments are very fragmented, loosely coupled, domain-specific and integration-heavy in nature.
Eric Kao, director for WISE-Edge+ at Advantech, comments that in the case of IoT implementation, companies must deal with all kinds of legacy systems, physical constraints, domain protocols and multiple vendor solutions. They must also maintain a reasonable balance in availability, scalability and security.
“In pursuit of higher availability and scalability, certain cloud infrastructure has to be leveraged, the system has to be open to some extent, then security becomes an enormous challenge,” he added.
The bright side
Challenges aside, there remains optimism about the potential benefits of the technology and the possibilities of protecting IoT solutions as they are integrated into operations and IT.
Andrey Suvorov, CEO at Adrotech in Russia, says IoT is widely used in smart cities (62%), retail (62%) and industry (60%). These include projects such as energy and water management, smart lighting, alarm systems, video surveillance and many more.
“Experts around the world are working on the task of effective protection for such projects but efforts should be made at every level – from equipment manufacturers and software developers to service providers and companies that implement and use these solutions,” he added.
Next steps for securing IoT
To help organizations fill the gaps in their IoT security, Kaspersky suggests the following approaches:
- Assess the status of a device’s security before implementing it. Preference should be given to devices with cybersecurity certificates and products from manufacturers who pay more attention to information security.
- Use a strict access policy, network segmentation and a zero-trust model. This will help minimize the spread of an attack and protect the most sensitive parts of the infrastructure.
- Adopt a vulnerability management program to regularly receive the most relevant data about vulnerabilities in programmable logic controllers (PLCs), equipment and firmware, and patch them or use any protection workarounds.
- Check the “IoT Security Maturity Model” – an approach that helps companies evaluate all steps and levels they need to pass to achieve a sufficient level of IoT protection.
- Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data transfer from edge to business applications.