Over the past few years, security challenges posed by the IoT devices in enterprises is growing at an alarming rate. On the changing security scenario in IoT, let’s have a look at the intricacies in the global enterprise sector.
Enterprises have moved from the traditional mobile devices to complex connected devices. To utilize the IoT to its maximum potential, the need to address IoT security challenges is the need of the hour. IoT based cyber attacks can have disastrous consequences for business continuity. If all the connected things are compromised due to a security breach and doors, cameras, computers, printers are disabled, then businesses are affected. According to a survey published in November last year by ForeScout Technologies on challenges IoT poses for the enterprise revealed that 54 percent of respondents said that IoT is causing serious anxiety due to security issues.
One of the issues is that the manufacturers and developers of IoT devices, are not security specialists. As a matter of fact, their business is not all about creating stand-alone secure products or services that can be protected from cyber attacks or used as a vector. Furthermore in IoT, when security is incorporated by the manufacturer it’s difficult for the purchaser to ensure that the product has the level of security they expect. The cost of implementing a high level of security on low-cost IoT devices will, unfortunately, never be financially feasible.
Hackers usually exploit the IoT devices for DDoS attacks from within the network, DNS tunneling and data exfiltration. They also use the botnets for distributed attacks and ransomware with encryption forced onto the IoT devices. In this regard, enterprises need to be careful and implement additional security protection of IoT devices. Unfortunately, for CISOs the cost of implementation security in unsecured IoT devices may never be financially feasible. Again, the enterprise security will have to seriously deal with the insider threats, as more connected ‘things’ are able to serve as a target or a vector of attack from the inside of the network. In addition, as IoT devices are connected to the internal network — data exfiltration will be one of the biggest issues with IoT security.
The Road Ahead
As the usage of IoT devices grows, the security requirements also changes over a period of time. Hence, IoT devices will be targets for malware attacks for the hackers trying to sneak and steal or cause havoc in enterprise based IoT systems. As IoT brings new channels for cyber-attacks, IT security departments will have to rethink their security strategies to neutralize the new threats. What was efficient in the past to protect businesses and their data is no longer suitable in the new age of IoT technology.