IoT technology has the potential to help companies reach the next stage in their digital transformation, but deploying this new tech without seriously considering how to ensure data security is rife with risk. Consider the potential ramifications of hackers gaining control of a power grid, industrial facilities and even medical devices. In fact, we’ve already seen these hacks on everything from webcams to Jeep SUVs. The potential threat scenarios are all too real, making cybersecurity an individual safety as well as security risk. Gartner expects IoT security spending to exceed $1.5 billion by next year, which makes sense given the majority of cybersecurity professionals expect hackers to target their IoT systems and devices in the next few years. So, what can companies do to protect themselves against this rising threat?
Taking the next step
A growing number of organizations are taking note of the need to strengthen IoT security. When IoT World surveyed over 100 IoT executives in its recent study, What’s Keeping IoT Executives up at Night in 2018, results showed that 72% of respondents are committed to putting IoT security measures in place.
But the Internet of Things can present a range of threat vectors, making emphasizing having security embedded with the design essential. Certain security measures such as SSL certificates can be integrated after the device is created, but the concept of embedded system security must be a priority from the start. Security practices like bank-level (128-bit AES) encryption of all transmitted data and firmware signing for all updates are the ideal for businesses planning to use IoT.
Organizations are beginning to take steps to invest in these security features, but, there is still room to improve. While 61% of IoT executives are either developing an IoT security policy or currently enforcing one, fewer than two-thirds of respondents remain up-to-date on security news about potential fixes and patches.
Not only do IT executives have to worry about the safety of their IoT technology, they also should be concerned about securing large enough budgets to properly support IoT deployments. According to Gartner, a quarter of enterprise data hacks will involve IoT, yet just 10% of IT security budgets will be dedicated to IoT.
Falling on the shoulders of IT
When given the responsibility to develop their organization’s security defenses not all IT departments are sufficiently prepared to own this daunting task. Currently, a total of 57 % of organizations aren’t training their IT teams on the latest IoT security practices. In addition, operational technology (OT) security is becoming a growing concern for many organizations — especially those functioning in the industrial realm. Many of these businesses are struggling to find professionals who have the knowledge to tackle the issue of securing their critical infrastructure and industrial facilities from cybercriminals.
Another troubling statistic is that 43% of respondents are not conducting vulnerability testing. To make matters worse, less than half are keeping an inventory of their connected devices. Organizations that are not aware of their cyber weaknesses or unable to identify rogue or unsecured IoT devices in the workplace are the most at risk of being targets for hackers.
IoT has the powerful ability to transform organizations who can leverage the technology as it can drive efficiency gains, launch new business models, and more. But this transformative aspect of IoT is only worth it if security — across the all areas of the enterprise — is a top priority.