Finally, we have arrived in the age of an Internet of Things (IoT) ecosystem, with connected devices deployed in our homes, workplace, and public places. According to research analyst Omdia’s most recent “IoT Devices Market Tracker,” the global IoT installed base is expected to reach 27.5 billion in 2020, growing to 45.9 billion in 2025. With that number of devices deployed and even more on the way, it is anticipated that the volume of cybercrime or attempts to thwart cybersecurity will only increase. With threats from both criminal and rival nations evolving, it is important that defensive strategies are put in place to protect IoT systems, especially with threats to the digital scape looming large.
By Vikas Bhonsle, CEO, Crayon India
This is again, a pre-pandemic world’s observation. Omdia believes that industrial markets will continue to drive IoT demand, but growth in the communications and medical fields will accelerate. Overall, only a few markets are projected to remain strong amid COVID-19, and IoT security is one of them. COVID-19 has accelerated the security trends in the direction of integration, consolidation, and cloud transformation. According to an April 2020 report from IoT Analytics, since the early months of 2020, there has been an increase in cyberattacks that has raised the importance of IoT security considering the growing demand.
Securing an IoT infrastructure requires a precise in-depth strategy that includes securing cloud data, data integrity, data devices, any device or system connected to a network, or that is online and has the potential to reveal personal information to cybercriminals. Hence it is important to ensure the security of the IoT network of devices or appliances.
Procrastination towards security
There is a general attitude of procrastination among enterprises about employing security measures for their digital network and devices. When deploying data systems in any environment, security teams traditionally look for three things: speed, security, and budget-friendliness. Unfortunately, organizations tend to choose only two, leaving security out of the equation while cost and convenience remain the bane of data protection efforts for years to come.
Strengthening Assent Inventory Management
Organizations must prioritize strengthening the security measures of their devices and the network, especially during the pandemic. As data and devices are getting scattered with remote working in practice, it is vital to review corporate security strategies and ensure a decent overview of the inventory of assets and IoT devices. It’s recommended to build a broad review of asset inventory with a much deeper knowledge of individual assets including asset tracking, traffic pattern analysis, updating the assets, and rapid-response in the case of a cyberattack.
Shadow IoT Devices
The COVID-19 crisis has led to another issue known as shadow IoT devices, which is when employees working at home introduce unauthorized IoT devices to the enterprise. This increases a significant level of vulnerability for the organization and its data as these devices are not layered with security measures and can easily give access to an enterprise network.
A leading cloud security provider reported that during the early months of 2020, there was a 1500% increase in IoT device usage at enterprises. These are unauthorized IoT devices that include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smartwatches, and even automotive multimedia systems. Each of these assets can be used as a point of exposure to get access to an enterprise network. Hence, it is crucial that IT and security professionals pay heed to the digital security hygiene practices of the workforce.
Cloud Security
As most people have moved their work off-premise since COVID-19, experts conclude that there will be a massive rate of cloud adoption during this period.
Cloud security tools with other cloud-hosted applications can help scale new assets quickly, remotely apply software patches, and integrate with other tools through standardized APIs with ease. Cloud connections can, on the other hand, face an increasing risk of data breaches. It is, therefore pivotal for IT and security departments to do a thorough risk assessment to decide which apps should be on the cloud and which should be on-premise.
Security Automation with AI
There has been a huge improvement in Machine Learning and AI technology, including AI-based security tools, which deliver better and often faster outcomes. It is therefore advised that organizations look for a predictive and detective strategy when it comes to IoT security. With AI, applications can now be programmed to automatically trigger a reaction to specific abnormalities, which is helpful when a rapid response is needed. The traditional Security Information & Event Management (SIEM) solutions are also witnessing AI-enhancement by models that provide streaming data analysis and threat modeling.
Conclusion
COVID-19 has led to a hike in cyberattacks that have in turn led to a surge in the need for IoT and IoT security adoption. It is high time organizations come to acknowledge that pandemic or not, adoption of technology has increased multi-fold, and we have now moved from an also-digital to an only-digital phase. Cybersecurity must include best practices for a robust and healthy IoT ecosystem to flourish.
This story first appeared in the August 2020 issue of CISO MAG. Subscribe now!
About the Author
Vikas Bhonsle is the Chief Executive Officer (CEO) at Crayon Software Experts India Pvt. Ltd. and has been leading it across India since June 2014. Vikas is an alumnus of the University of Mumbai where he completed his graduation in the field of physics and did his MBA. He is well versed with the disciplines of Business Management, Sales, Marketing, Strategy Formulation, Operational Management, and Relationship Management with over 20 years of experience.
Disclaimer
The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
