While it may seem that we are living in a highly connected world, the reality is we are just getting started when it comes to digital connectivity of all the devices we use in our daily lives. The move to connect everything, from thermostats to sensors in your car and even your oven, are steps in the process to full connectivity and are a good indication that the Internet of Things (IoT) will continue to explode all around us. So much so, that analysts predict there will be 80 billion connected devices by 2025. This brings incredible opportunities for advances in technologies previously only dreamed of, and with these opportunities come new security risks. Eighty billion devices coming to market in a relatively short period of time opens up an array of new ways for bad actors to try and gain access to networks through these devices. In fact, experts say the massive DDoS attacks we’re seeing targeted on IoT devices are only the beginning.
With good reason, many organizations are drawn to IoT with its ability to improve customer experiences, grow revenue, and increase efficiency and business agility, but what enterprises need to come to terms with is that without a solid foundation of security and privacy, IoT can quickly turn on them.
To understand how enterprises globally are handling new security risks arising from IoT, DigiCert commissioned ReRez Research to conduct a survey of 700 enterprise organizations in the US, UK, Germany, France, and Japan. The study found that while some companies are doing well with IoT others are struggling.
Many enterprises have even started to experience significant monetary loss from their IoT roll-outs. In fact, among companies struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. Considering that IoT is expected to grow exponentially in the coming years, that number will continue to grow unless changes are made and IoT security is brought in at the beginning and managed all the way through an organization’s IoT implementation.
The study shows that companies which place a focus on IoT security early on (top-tier) and are seen as effectively managing IoT have a far lower rate of IoT-related security incidents, with only one-third experiencing a related incident. On the other hand, 100 percent of companies considered to be struggling with IoT deployment and security (bottom-tier) report experiencing at least one IoT-related security incident in the last two years. We saw other differences between the two groups as it relates to IoT-related security incidents:
We followed up on these missteps by asking how much each type of mishap cost the organization over the past two years. The most expensive damages came from five areas:
Despite the challenges, the data has shown that proper consideration of IoT risks coupled with deployment of scalable security basics that address authentication, encryption and integrity help companies build effective defenses against security threats.
The study also looked at the enterprises that are succeeding at IoT to glean wisdom and best practices. The most common security practices these companies engaged in were:
Based on their experiences and feedback, the following best practices will help companies as they roll out their own IoT strategies:
According to IDC Research, there are nearly three devices attached to the internet for every human on the planet. By 2025 that ratio will soar to 10 to 1. I think it’s safe to say that IoT will be around for a while. To make IoT a successful part of the business, organizations need to be vigilant when it comes to maintaining the integrity of their IoT systems.
For more information on the report and how your organization can act like the top-tier companies, get a copy of the full report here: https://www.digicert.com/state-of-iot-security-survey/.