Enterprise cybersecurity must scale up to match the IoT

By Nigel Thompson
Share
The scale of the threat to IoT must not be underestimated, says Nigel Thompson...

The IoT is misunderstood. We may hear stories of smart devices being hacked in the home, or read news reports which condemn the poor security of a particular consumer product like smart doorbells. But in truth, IoT device vulnerability is pervasive. Right now, there are likely to be unencrypted or poorly-secured devices in our homes, but also in our children’s schools, our enterprises and our governments’ offices.

Cyber attacks on enterprise IoT networks are at a different level of danger when compared to home hacks. When critical infrastructure, such as connected devices found in manufacturing or healthcare, is hacked, the results can be devastating for personal safety, jobs, and even lives. 

Now, as the IoT grows exponentially to billions of devices, protecting each and every endpoint seems like an impossible job.

The swift pace of IoT has created an issue of scale “where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable,” as Frost and Sullivan analysts put it. But there are ways security teams can manage this huge threat. The key is to be aware of the nature of the threat, and follow the fundamental steps to scaling up cybersecurity.

The threat surface is rapidly expanding

The threats due to enterprise IoT are significant and should not be underestimated. These connected devices generate an enormous amount of highly detailed data. Should this data be stolen or disrupted, the results could be highly destructive to business reputation and operational availability. Also, the data within supply chains that detail operational demands, production data and more will always have value to competitors.

IoT security is a challenge across verticals. According to Frost and Sullivan, the factory and industrial automation market will have nearly 10.8 million connected devices by 2025, while building automation will reach 30 million. Other verticals expecting substantial growth, according to the report, include connected cars and telematics, retail, healthcare and medical devices, and enterprise-issued and bring your own (BYO) devices.

“This will substantially increase the threat surface, which is reflected in the rapidly expanding threat landscape,” the firm wrote in their report. The total number of devices include recognisable endpoints, such as phones and tablets, as well as devices across nearly every other industry.

Of course, with these device deployments, there is great opportunity to improve operational efficiency, improve the lifecycle management of capital assets, provide real-time insight into the enterprise happenings, and engage with customers in new ways. But the security concerns are also real. The challenge is to manage the security risks so that these benefits can be realised, and the risks minimised.

It’s possible to regain control of all endpoints

There are a number of steps that can be taken to ensure adequate IoT security. One step every organisation can take right away is to procure devices from manufacturers that develop their products with security in mind – baking security in from the ground up, rather than bolting it on afterwards. As part of that effort, organisations should make sure to have their security teams test any new hardware and software for security flaws and ensure the devices can be managed just like other endpoints.

Effective IoT security is complicated not only by flaws in procured devices. It’s also influenced by how different business departments independently choose to manage and secure their IoT devices. All organisations must be aware of this, and should prepare to effectively track, secure, and manage all newly connected devices across the enterprise in a uniform way.

One of the most important strategies to success will be not treating IoT devices as a discrete security challenge, but as part of the organisation’s overall endpoint security strategy. If security teams are to have the visibility and control they need, endpoint and IoT security management must be unified. That includes devices that run any operating system, such as Android, Chrome, Windows, and macOS. With fewer consoles, or ideally a single console, when managing all endpoints, security teams will have all the information they need to properly identify security threats and respond to potential breaches, and to more intelligently defend systems and data.

Enterprises can’t afford to wait long to centralise their IoT and endpoint security. The longer they wait, the harder it’s going to be to successfully consolidate, especially as IoT deployments accelerate and there are ever more devices on networks, for example, as a result of the explosion of remote working caused by the recent COVID-19 pandemic. Without a centralised console, decentralised information about security events – including attacks across domains – will be lost or overlooked, and teams will be forced to try to manually piece together their responses.

Spot the signs when procuring enterprise IoT systems

Security teams must be alert to five key attributes when buying IoT devices from providers, to ensure maximum endpoint security:

· Centralised management of users, data files, apps and devices

· Alignment and compatibility with the most popular endpoint operating systems

· The ability to control the security configurations of access credentials, passwords and more

· Pattern tracking and analysis, to spot anomalies that could indicate crime

· Flexibility for deployment across cloud and on-premise environments

The CIO and CISO roles can survive the IoT. But organisations must be proactive in defending themselves against IoT threats. By exercising vigilance and deploying intuitive technologies, enterprises can scale their security efforts to match the expansive IoT.

Nigel Thompson, is VP Product Marketing at BlackBerry

Share

Featured Articles

Ox Horn: The Faux ‘European’ Campus Homing Asia’s R&D Leader

Operating out of an amalgamated town of Europe’s most beautiful cities, this Disney-esq town conceals the fact it is the campus of Asia’s R&D leader

Is Quantum Tech Key to Unlocking UN Sustainability Goals?

WEF explores quantum technologies' potential to accelerate UN sustainability goals, highlighting applications and ecosystem challenges for global impact

Women in STEM: Retention Crisis Amidst World Talent Shortage

New report highlights strategies for retaining female talent in STEM fields, addressing global workforce challenges during National Inclusion Week

Cloudera: Unlocking Real Business Value from Data Analytics

Enterprise IT

Microsoft's Investment in Brazil Boosts Tech and Economy

AI & Machine Learning

OpenAI in Transition Period as Mira Murati Steps Down as CTO

AI & Machine Learning