Pushing The Limits: How To Address Specific Cybersecurity Demands And Protect IoT, a Kaspersky study, revealed that two-in-five businesses (44 per cent) in the META region are yet to protect parts of their IoT infrastructure. Meanwhile, the main barrier to implementing many businesses’ IoT projects is the risk of cybersecurity breaches and data compromises.
According to IoT Analytics, the global number of connected IoT devices is expected to grow 9 per cent, reaching 27 billion IoT connections by 2025. With that dramatic rise in connected devices also comes an increased need for security. In fact, Gartner highlights that, in the past three years, nearly 20 per cent of organisations have already observed cyberattacks on IoT devices in their network.
While 72 per cent of organisations in the META region use IoT solutions, 44 per cent don’t protect them completely. This means that for some of their IoT projects – which may be anything from an EV charging station to connected medical equipment – businesses don’t use any protection tools.
One reason may be the great diversity of IoT devices and systems, which are not always compatible with security solutions. Almost half of businesses (46 per cent) fear that cybersecurity products can affect the performance of IoT. Other common issues businesses face when implementing cybersecurity tools include being unable to justify investment to the board (43 per cent), high costs (40 per cent), lack of staff or specific IoT security expertise (40 per cent), and difficulty finding a suitable solution (39 per cent).
Furthermore, cybersecurity risks are seen by more than half of organisations (63 per cent) as the main barrier to implementing IoT. This can occur when companies struggle to address cyber-risks at the design stage and then have to carefully weigh up all pros and cons before implementation.
“Cybersecurity must be front and center for IoT. Managing risk is a major concern as life, limb, and the environment are at stake. An IT error can be embarrassing and expensive; an IoT error can be fatal. But cybersecurity is only one part of making a system trustworthy. We also need physical security, privacy, resilience, reliability, and safety. And these need to be reconciled: what can make a building secure (locked doors, for example) could make it unsafe if you cannot get out quickly,” comments Stephen Mellor, Chief Technology Officer at Industry IoT Consortium.
“IoT projects are very fragmented, loosely coupled, domain-specific, and integration-heavy in nature. In comparison, IT projects such as messaging/communication, analytics, CRM, etc., have around 80 per cent of common requirements. In the case of IoT implementation, however, we have to deal with all kinds of legacy systems, physical constraints, domain protocols, multiple vendor solutions, etc., and maintain a reasonable balance in availability, scalability, and security. In pursuit of higher availability and scalability, certain cloud infrastructure has to be leveraged, the system has to be open to some extent, then security becomes an enormous challenge,” comments Eric Kao, Director, WISE-Edge+ of Advantech, a global vendor of industrial IoT solutions.
“Despite all these challenges, IoT brings fantastic opportunities not just to businesses but to all of us, enabling comfortable living, transport, faster delivery, and communications. IoT is widely used in smart cities (62 per cent), retail (62 per cent), and industry (60 per cent). These include projects such as energy and water management, smart lighting, alarm systems, video surveillance, and many more.
“Experts around the world are working on the task of effective protection for such projects, but efforts should be made at every level – from equipment manufacturers and software developers to service providers and companies that implement and use these solutions,” adds Andrey Suvorov, CEO at Adaptive Production Technology (Aprotech, Kaspersky’s subsidiary IIoT company).
To fill the gaps in their IoT security, organisations should use the following approaches:
- Assess the status of a device’s security before implementing it. Preference should be given to devices with cybersecurity certificates and products from manufacturers who pay more attention to information security.
- Use a strict access policy, network segmentation, and a zero-trust model. This will help minimise the spread of an attack and protect the most sensitive parts of the infrastructure.
- Adopt a vulnerability management programme to regularly receive the most relevant data about vulnerabilities in programmable logic controllers (PLCs), equipment, and firmware, and patch them or use any protection workarounds.
- Check the “IoT Security Maturity Model” – an approach that helps companies evaluate all steps and levels they need to pass to achieve a sufficient level of IoT protection.
- Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data transfer from the edge to business applications.