(November 29, 2021) Organizations typically give little thought to building automation systems, inventory scanners, surveillance cameras, and other Internet of Things, IoT devices, connected to the corporate networks. However, growing numbers of IoT devices create significant security threats.
Many of these devices are unmanaged, which means they send, receive, and process information and communicate with other devices on the network but aren’t managed using traditional security tools. Often, no one is responsible for applying security patches and firmware updates — that is if the manufacturer issues them.
IoT devices are likely to have default or weak passwords, making them highly vulnerable to attack. Hackers can commandeer the devices for botnets, capture or alter their data, or use them as means of gaining access to the network. IT leaders need to assess all devices connected to the network and implement policies and procedures for securing them.
Devices Flooding into Businesses
Estimates of the number of IoT devices vary widely, from about 10 billion to more than 35 billion. This includes consumer products such as smart doorbells, virtual assistants, and connected appliances, but business and industrial IoT applications are also growing rapidly. Almost 650 million IoT devices were in use in healthcare facilities in 2020, according to Forbes estimates.
In a recent Forrester Consulting survey, 69 percent of organizations said that IoT and other unmanaged devices comprise at least half of all devices connected to the network. More than one-quarter (26 percent) said those types of devices outnumber managed devices by three to one.
In some cases, business needs are driving the growth of the IoT, particularly in the manufacturing and healthcare sectors. However, employees are also contributing to IoT growth by bringing personal devices into the workplace. Additionally, more devices are being manufactured with built-in connectivity.
Increasing Security Concerns
IT and security professionals are worried that these devices create cyber threats. In the Forrester survey, 84 percent of respondents said that IoT and other unmanaged devices are more vulnerable to attack than managed devices.
These concerns are well-founded. Attacks have targeted devices ranging from security cameras to fax machines to smart lightbulbs. More than two-thirds of organizations have suffered an IoT-related security incident, and two-thirds of those attacks involved data loss or leakage.
However, 80 percent of Forrester survey respondents don’t know where to begin securing IoT and other unmanaged devices. Many face the challenge of simply identifying and locating all of them. Even when they are aware of these devices, they lack the security tools and skillsets needed to protect them.
Getting a handle on IoT security begins with a thorough assessment of the IT environment. IT teams need to conduct an inventory that accounts for every device that’s connected to the network.
Where to Begin
Armed with an up-to-date inventory, IT teams can begin to develop the policies and procedures needed for effective protection:
- Classify devices and prioritize protection for those that perform critical functions and process sensitive data.
- Understand how devices can be exploited or manipulated, and leverage security frameworks to implement appropriate security controls.
- Ensure the budget allocated to IoT security reflects the level of risk and projected IoT growth.
- Develop a plan for responding rapidly to IoT-related security incidents.
- Establish processes for assessing the risk of new devices that are added to the network.
Organizations that lack the personnel and tools needed to secure their IoT devices should consider partnering with a managed services provider (MSP). A qualified MSP can help ensure that every device connected to the network is properly monitored, managed and secured to reduce the risk of a security breach.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
