The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide, with few companies capable of securing IoT devices because they are unable to identify them properly, according to new research.
On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise.
The survey, conducted by Forrester Consulting, suggests that IoT and operational technology (OT) are having a serious impact on the way businesses conduct themselves today — and pose a huge risk due to a lack of information and appropriate security practices.
Connected consumer devices have captured the attention of the media, but the market for the Internet of Things (IoT) in enterprise and industrial sectors is poised to be much larger—around $300 billion annually by 2020 compared to half that for consumer technology, according to research by Bain & Company.
Industrial applications for the Internet of Things may not be as visible in most people’s daily lives, but they are typically more complex than those in the consumer realm. Many industrial applications operate large physical devices, and failure carries greater risk. Consider robotic arms in an automotive factory or valves in an oil refinery. The technology operates in real-time and it cannot simply stop operating without serious safety consequences. “Blue screens” are just not acceptable in industrial environments.
With the IoT market on track to reach $800 billion this year and more than 2 billion connected devices already in the wild, it’s no surprise that Internet of Things (IoT) security is now a top priority for cutting-edge enterprises. The challenge? Actually making inroads. While updating stock passwords and improving employee education are helping deflect entry-level attacks, widespread distributed denial-of-service (DDoS) and botnet incidents are on the rise. It begs the question: Is better digital device defense possible, or is IoT insecurity inevitable?
Three quarters of all Internet of Things (IoT) projects are “failing”, according to Cisco’s Australian CTO Kevin Bloch, primarily because they have been designed to solve individual problems, and have become siloed and unsupported as a result.
“The inaugural phase of IoT is characterised by numerous point solutions from a multitude of new — often startup — vendors. Typically, these solutions have been designed to solve a particular societal problem such as lighting or parking. In each case, a complete IT stack needs to be built in support of the solution,” Bloch explained.
“Eventually, customers find themselves with multiple siloes from multiple vendors that don’t interoperate, are not cybersecure, use different protocols, and generate more complexity at greater cost.”
Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal. The network resilience vendor polled 600 IT and security decision makers in the UK and US to compile its RedSeal Resilience Report 2017.
It revealed that most respondents feel they are under-resourced (54%), can’t react quickly enough when an incident strikes (55%) and can’t access insight to prioritize incident response (79%).
Just 20% said they’re extremely confident their organization will be able to function as normal in the event of a breach or attack.
At GE’s annual Minds and Machines conference last week, the company launched a new book, Industrial Internet of Things for Developers, that explains much of what needs to be understood by those interested in and tasked with developing applications for the Industrial Internet of Things (IIoT). Foremost among these is that if you are going to create applications for the IIoT, the development process must change.
Does IoT stand for “internet of threats”? One senator says it might soon, and warned that the internet of things could “pose a direct threat to economic prosperity, privacy and our nation’s security.”
Indeed, security issues plaguing IoT devices have long been a concern, and last week congressional Democrats introduced a bill designed to help mitigate what are seen as widespread vulnerabilities. But while the effort is noble and may help raise awareness of the issues, there are lots of reasons why the Cyber Shield Act of 2017 won’t end up doing much to actually solve the problem.
Security outfit Gemalto has just released a survey which says that 90 percent of consumers lack confidence in the security of Internet of Things (IoT) devices.
The survey showed that two thirds of consumers and almost 80 percent of organisations support governments getting involved in setting IoT security because they did not trust manufacturers to protect them.
Gemalto Data Protection CTO Jason Hart said it was clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and, more importantly, the integrity of the data created, stored and transmitted by these devices.
The seriousness of KRACK and the threat posed by Wi-Fi vulnerabilities to IoT-enabled devices should not be underestimated, say experts.
This week, the headlines have been full of KRACK, ever since security researchers revealed on Monday the existence of several major security vulnerabilities that could be exploited to steal sensitive information from devices connected to a wireless network.
These exploits are known as Key Reinstallation Attacks – hence the term KRACK – and they affect the WPA2 protocol that is the current industry standard for encrypting traffic on Wi-Fi networks. In other words, a skilled hacker could intercept and manipulate the traffic flowing between a connected device and the web.
The only good news in this whole mess seems to be that the attacker needs some physical proximity to the device itself in order to succeed in this kind of attack. At the very least, that vastly reduces the possibility that KRACK could be used to create botnets.
This is one of eight conclusions drawn from a conference of representatives from the private sector, security community, law enforcement, the European Computer Security Incident Response Teams (CSIRT) community and academia.
The conference was hosted by Europol and Enisa, which have joined forces to tackle the security challenges presented by a wide and diverse ecosystem of up to 20 billion interconnected devices by 2010 and services that collect, exchange and process data to adapt dynamically to a context.