Internet of Things is a way without coming back. According to Gartner, there are over 8 billion connected “things” in use today, and the figure will top 20 billion by 2020, including over 7 billion specifically for business use. As organisations embark on digital transformation projects, bringing IoT devices closer to users’ reality, a new cyber risk emerges. How to keep those devices safe and control the potential cyber attacks?
That’s the challenge companies are facing. The latest IoT report from Trend Micro shows that part of the challenge stems from the fact that much of the IoT world is firmly rooted in operational technology (OT). OT teams often do not consult security teams and are not primarily concerned with data availability, integrity or confidentiality. This can leave dangerous gaps in cybersecurity if IT-OT silos can persist.
The IoT Landscape for Companies
Data gathered from the IoT Trend Micro report indicate that global organisations are quick advancing in IoT projects. Industrial IoT is the most popular type, with 62% having already begun implementation, followed by wearables (53%), smart utilities (48%) and smart factory (41%) initiatives.
On average, IoT spending is set to rise from $2.51m to an anticipated $2.53m over the coming year. And they’re already reaping the rewards. Nearly all respondents (99%) claimed to have seen benefits including quicker access to data (51%), increased customer satisfaction (41%), and cost savings/increased efficiencies (40%).
According to the same report, cybersecurity is one of the key issues faced by companies investing in IoT projects. Aside from the cost and IT complexity (both 40%), came increased security complexity (36%), data security (34%), device security (27%), difficulty in complying with security regulations (26%), and network security (23%), among many others. The vast majority (97%) of respondents also viewed security deficiencies as a potential threat to critical infrastructure, in terms of the complexity of infrastructure (44%), the increased number of endpoints that need securing (42%), and lack of adequate security controls (38%), among other factors.
Communication and integration between departments was a common topic presented in the report. From the respondents' point of view, the lack of integration is a challenge in such projects, as security teams needed to be involved since the beginning. According, to the IoT report from Trend Micro only 56% of the respondents said the CISO (Chief Information Security Officer) is one of the top three final decision-makers in IoT projects, while 64% chose the CIO (Chief Information Officer).
The Risks are Real
Stolen credentials and access via vulnerability exploitation are just two examples of attacks which can be done through IoT devices. Attackers can sabotage critical infrastructure, infiltrate corporate networks to steal sensitive data or even hijack IoT endpoints for use in botnets to launch DDoS attacks, mine cryptocurrency, and carry out other nefarious activities. The FBI recently warned about such attempts in the consumer and small business sphere.
The real-world threats are wide spreading among the companies, over half (54%) of the respondents said they had seen an increase in attacks over the last 12 months. Phishing attacks, credential theft, and trojans were the most popular ones.
Internet of Things is changing the way companies operate, it’s changing for the better, with more concerns regarding security and private data. However, cybersecurity still a problem, end-users awareness about cyber safety helps to bring the topic for discussion more frequently. What we will see from now is an increase in the need of cybersecurity professionals certified and ready to work through the last and more updated security frameworks.
Why Should End-Users Care Too?
Internet of things is not far away from the public in general. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.
Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples: devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and other tools that track your eating, sleeping, and exercise habits.
All these technologies provides a good level of convenience to people's lives. It also represents a great source of data about our behaviour and habits. From the end user's perspective is important to know how safe these devices are and how the data is being used. The security of this information and the security of these devices is not always guaranteed.
More than ever, it’s important to be aware of which kind of data the device and its potential use. The option to save login details and credit card information seems easier on a daily basis, for example, but it can represent a problem for you in the future. It's always a good piece of advice to think twice before adding your personal details to apps and devices.
*The article above is based on the data provided by the TrendMicro report available here.
In a fast-paced environment, investing in technical training is the best way to overcome the Cybersecurity challenges. At New Horizons Ireland we provide a wide range of Cybersecurity courses from different vendors and covering all paths that you might want to follow.
In the link below, you can check all our Cybersecurity paths and choose the best option for your career.
Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to attend your needs, such as online live, instructor-led in our Dublin classroom and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.
True or false? A wireless device is immune to traditional wire-based attacks?
Take our FREE cyber security assessment to see how prepared your organisation is for cyber threats. The test is made up of 15 questions and will determine if you can recognise and avoid common issues like phishing, malware and non secure website.
Take the quiz