Security essential in the growing Internet of Things network

The Internet of Things is an enabler of a larger digital transformation that will produce vast quantities of data to be stored, parsed, and transmitted over an ever-expanding global network.

But as the world of IoT continues to expand, so do security threats. The billions of IoT devices in use have naturally created new vulnerabilities for companies. According to McKinsey & Company, as more ‘things’ get connected, the number of ways to attack them has increased dramatically. Pre-IoT, a large corporate network might have needed to account for up to 500,000 endpoints being vulnerable to attack, while the IoT may involve a network with millions or tens of millions of these endpoints.

IoT fueling transformation but vulnerabilities create risks for businesses

The potential value of IoT is large and growing. By 2030, McKinsey estimates it could amount to up to US$12.5tn globally. And, according to Palo Alto Networks, the rapid growth of capabilities and adoption of IoT technology has fueled a transformation in enterprise operations. 

IoT devices are believed to make up 30% of total devices on enterprise networks today, with the rich data collected from these devices providing a number of valuable insights informing real-time decisions and delivering accurate predictive modelling. In addition, IoT is a key enabler of digital transformation in the enterprise, with the potential to drive up workforce productivity, business efficiency and profitability as well as the overall employee experience.

However, despite the many advantages IoT technology enables, the interconnectedness of smart devices presents a substantial challenge to enterprises in terms of grave security risks arising from unmonitored and unsecured devices connected to the network.

What’s more, with increases in hybrid working environments, security weaknesses on employees' home networks could create risks for businesses. Last year infosec firm Bitdefender found a number of security vulnerabilities in a particular brand of baby monitors, potentially enabling attackers to either access the camera feed or execute malicious code on vulnerable devices.

And, in addition to commercial impact, the risks of IoT-related service disruptions extend to the critical infrastructure in our communities. “Imagine the implications of an attack on the switching infrastructure of a metro subway line, a wireless pacemaker becoming compromised, or a power grid shutting down,” says a whitepaper by Fortinet. “Lives would be at risk. Security professionals must be prepared to define solution requirements thoughtfully to guard against these new threats.”

“Thanks to the work-from-anywhere-era, the boundaries between home and work networks have blurred,” explains Sunil Ravi, Chief Security Architect at Versa Networks. “Once the malware has breached a home network, it can then move laterally across to the homeowner’s work network inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security.”

Connected devices can be vulnerable to breaches

As Palo Alto Networks explains, without robust security, any connected IoT device is vulnerable to breach, compromise and control by a bad actor to ultimately infiltrate, steal user data and bring down systems. 

As large volumes of diverse IoT devices continue to connect to the network, a dramatic expansion of the attack surface is happening in parallel. Ultimately the entire network security posture is diminished to the level of integrity and protection offered to the least secure device.

In addition to these challenges, 98% of all IoT device traffic is unencrypted, putting personal and confidential data at severe risk.

Almost half of the respondents to a study by Capgemini identified the inclusion of technologies like IoT as one of the main issues exposing their organisation to breaches. Ineffective delegation of cybersecurity responsibilities also ranks amongst the top vulnerabilities, an issue making it difficult to identify malicious activity in a timely manner. 

SASE striking the perfect balance

Coined by Gartner in the 2019 Networking Hype Cycle and Market Trends report, Secure Access Service Edge (SASE) introduces a new architecture where networking and security functions are bundled in a cloud-delivered service. As IoT and internet-based traffic continues to soar, SASE allows enterprises to streamline network integration, security, and policy management of distributed devices with a centrally managed platform.

“While on the surface it seems like security and networking performance are at complete opposite ends of the spectrum, SASE has proven to be able to strike the perfect balance between the two entities,” explains Apurva Mehta, CTO and Co-founder at Versa Networks.

As Mehta explained to Cyber sister title Technology Magazine, Versa provides large organisations with an end-to-end solution which simplifies and secures modern networks by integrating security, networking and cloud services.

“SASE brings a tighter integration between networking performance and security,” Mehta explains. “This allows for IoT devices to be secure, whilst ensuring that high performance is maintained. Through SASE, organisations can ensure that all endpoints on IoT networks receive the same amount of security coverage and management capabilities – giving security teams complete visibility across their network.

Not only does SASE give organisations visibility across all endpoints in IoT networks, but it also segments the network. By segmenting the network, organisations can restrict the movement of malware on IoT networks, meaning that the cyber risk of an organisation is dramatically reduced. Additionally, when suspicious activity is spotted within IoT devices, it can be easily located by security teams and mitigated.

“IoT devices are here to stay and they have proven to be extremely valuable to businesses, however, they must be secure,” Mehta concludes. “With SASE, IoT devices can maintain their performance to meet the needs of the business but also ensure that security is watertight.”