With the Internet of Things (IoT) now becoming mainstream with 64% globally using IoT solutions, 43% of organizations have yet to fully secure their infrastructure, according to the recent report of cybersecurity solutions firm Kaspersky. IoT projects could range from electric vehicles to medical equipment or even an automated lock for homes and buildings.
Kaspersky thinks that the sheer amount of IoT devices and solutions may have been discouraging companies. Securing every device of infrastructure is an overwhelming task. This can also be the reason some businesses delay their IoT adoption with 57% of organizations citing cybersecurity risks as the main barrier to implementing IoT.
Based on the report of IoT Analytics, the global number of connected IoT devices is expected to grow 9%, reaching 27 billion IoT connections by 2025.
“With that dramatic rise in connected devices also comes an increased need for security,” Kaspersky said. “In fact, Gartner highlights that, in the past three years, nearly 20% of organizations have already observed cyberattacks on IoT devices in their network.”
According to Kaspersky, almost half of businesses fear that cybersecurity products can affect the performance of IoT (46%) or that it can be too hard to find a suitable solution (40%). Other common issues businesses face when implementing cybersecurity tools are high costs (40%), being unable to justify the investment to the board (36%), and lack of staff or specific IoT security expertise (35%).
“Despite all these challenges, IoT brings fantastic opportunities not just to businesses but to all of us, enabling comfortable living, transport, faster delivery, and communications,” Andrey Suvorov, CEO at Adaptive Production Technology (Aprotech, Kaspersky’s subsidiary IIoT company). “IoT is widely used in smart cities (62%), retail (62%), and industry (60%). These include projects such as energy and water management, smart lighting, alarm systems, video surveillance, and many more. Experts around the world are working on the task of effective protection for such projects but efforts should be made at every level – from equipment manufacturers and software developers to service providers and companies that implement and use these solutions.”
To help organizations fill the gaps in their IoT security, Kaspersky suggests the following approaches:
- Assess the status of a device’s security before implementing it. Preferences should be given to devices with cybersecurity certificates and products from manufacturers who pay more attention to information security.
- Use a strict access policy, network segmentation, and a zero-trust model. This will help minimize the spread of an attack and protect the most sensitive parts of the infrastructure.
- Adopt a vulnerability management program to regularly receive the most relevant data about vulnerabilities in programmable logic controllers (PLCs), equipment, and firmware, and patch them or use any protection workarounds.
- Check the “IoT Security Maturity Model” – an approach that helps companies evaluate all steps and levels they need to pass to achieve a sufficient level of IoT protection.
- Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data transferring from edge to business applications, such as Kaspersky IoT Secure Gateway 100. It is Cyber Immune, which means almost no attack can affect the gateway’s functions.