The emergence of IoT or the Internet of Things introduced plenty of new opportunities for businesses everywhere. Suddenly, you can connect just about anything to tap into advanced analytics, more concise data and actionable insights. Unfortunately, it turns out that linking everything up to the open internet and public networks — even devices that traditionally wouldn’t be — causes quite a bit of fuss for cybersecurity.
For an enterprise, especially, the more IoT and connected devices that tap into a network translates to fewer controls. It’s difficult to identify the devices connecting to the network, which makes it even harder to discern what users or apps do with them.
How Serious Is the Problem?
A Forrester Consulting survey reveals how unprepared modern businesses are to deal with this problem. Out of 603 IT and line-of-business decision-makers involved with cybersecurity teams, 82 percent of companies say they are not confident they can pass audits simply because they cannot identify all IoT or OT devices connected to their network(s). And it’s not just companies in the U.S. either — the survey included those from Australia, New Zealand, France, UK and Germany.
It’s a vast and remarkably widespread problem that touches on the entire business and enterprise sector as a whole. B2B, ecommerce and conventional retail companies are included in the adoption of IoT as well. Brick-and-mortar retailers, for example, utilize IoT to improve their stores and offer more streamlined services for consumers.
The survey also went on to ask who should be responsible for the security of said untamed and unidentified devices. None of the respondents had a clear answer or solution — IoT is essentially the Wild West of modern technology.
To protect a network and the flows of data — incoming or outgoing — an IT and security team must have precise details about who and what enters the network. When coupled with BYOD environments, it becomes even more important.
Many security tools allow for and require proper identification so malicious parties and devices can either be blocked or removed from the network entirely. This stops unauthorized intrusions, potential data breaches and worse from occurring over an extended period of time. Furthermore, it’s vital to regaining a foothold and control over the network in the event of a major attack.
What’s the Solution?
There’s no single or straightforward answer for solving the major security issues with IoT, but that doesn’t mean it’s impossible to achieve.
To start, we need to focus on improving the security for IoT altogether. Many devices — especially portable — have lax security in place which makes them ripe for the picking. The more vulnerable the device, the more likely bad actors will target it. This lies outside the scope of enterprise and business IT teams, however. It’s more of a responsibility for the entire technology industry and device manufacturers to handle. Still, it’s something that needs doing, even to help protect consumer data too.
As for device discovery and identification, automation and sophisticated machine learning algorithms are the most approachable answers. Manually vetting and registering the details of every device that connects to the network is not just tedious, it’s impossible even for the largest of IT support teams. It only makes sense to automate the process, but it can be improved to pick up on unauthorized parties and devices. This can effectively be referred to as dynamic IoT device discovery and profiling. But for it to work, you need a real-time monitoring and data processing system in place, which is no small feat.
The system must review not just the users and devices, but what they do after accessing the network, where they go, how often they connect — or how long they stay — and whether or not they remain within the boundaries of their permissions. Using this information, it must then take action and send alerts to IT professionals for review.
Someone unauthorized, for instance, tapping into a portion of the network and attempting to access encrypted, sensitive data they shouldn’t view must be restricted or blocked entirely. And the system should have the knowledge and ability to do this as soon as it discovers a problem, no questions asked.
The good news is that many tools like this exist, and are continuously updated and improved to become more precise, reliable and efficient.
As for you — a business owner, executive, or IT professional working in the industry — it’s time you get serious about the problem and come up with some ways to bolster your own security before IoT becomes Pandora’s box. Deploying a real-time monitoring solution with the backup of a machine learning or AI platform is a great start.