Think your network is secure? Think again.
The Internet of Things (IoT) fever has swept across Asia Pacific, with tens of thousands of connected ‘things’—including patient monitors, smart street lighting systems, and surveillance cameras in use today. But as we try to cope with the onslaught of smart devices, have we given serious thought to securing the IoT ecosystem?
IoT security may be a nebulous concept to some, but it is a very real challenge. The Mirai botnet incident in October 2016 that took down the likes of Netflix, StarHub and Twitter underscored the importance of securing all Internet-connected devices, and not just smartphones and PCs. IoT security incidents are not limited to global attacks either. In a survey of 1,150 business respondents from this region conducted Aruba, a Hewlett Packard Enterprise company, 88 percent reported experiencing an IoT-related security breach.
The flexibility of IoT technology has allowed thousands of use cases and applications to flourish – each demanding different types of devices with potentially different security protocols. While key sectors such as government, healthcare, manufacturing and retail have adopted IoT, this variability has also created endless attack surfaces that cybercriminals can exploit.
Securing IoT devices means more than just securing the devices and endpoints themselves. Businesses need to gain thorough visibility into their networks in order to have a strong grip on the organization’s security.
Let’s look at the top four industries that have suffered the most IoT-related breaches:
- Healthcare: 89 percent have suffered an IoT-related security breach
By 2019, 87 percent of healthcare organizations worldwide will have adopted an IoT strategy. Patient monitors and imaging systems are some of the most used IoT devices in healthcare enabling services — such as patient tracking and remote operations of devices.
While these bring significant benefits to patient well-being, security fears loom. Just last year, almost 6,000 videos of sick newborn babies from a hospital in eastern China, meant for parents to monitor their babies’ status, were leaked and sensitive info was compromised. This is not a one-off situation; nearly half (49 percent) of healthcare companies have reported malware issues and 39 percent reported that human error led to an IoT-related security breach.
- Government: 85 percent have suffered an IoT-related security breach
When adding new elements to a city’s infrastructure, governments must balance new and old technologies. In the case of IoT, it is about walking the tightrope of legacy tech and a sufficiently secure network to create smart cities—and 49 percent of government workers find this particularly challenging. Governments are further behind in their IoT progress when compared to other industries, with 35 percent of IT decision makers within government claiming that leadership has little or no grasp of IoT.
The lack of understanding within government organizations, combined with limitations of legacy technology certainly poses a very real threat to the vision of smart cities.
- Manufacturing: 82 percent have suffered an IoT-related security breach
The industrial sector understands the significance of automating the supply chain, and the operational efficiency and healthier profit margins it delivers. Countries such as India and Vietnam are already on the cusp of the Fourth Industrial Revolution, which will see the rise of smart factories outfitted with IoT, cloud computing and cyber-physical systems.
To realize this manufacturers need to secure their network and devices, but are struggling to do so. Of those who experienced an IoT-related security breach, half were malware related whereas 40 percent were due to human error. This security gap needs immediate closing, particularly as manufacturers begin to connect critical devices such as chemical sensors and picking systems.
- Retail: 76 percent have suffered an IoT-related security breach
Over half (56 percent) of retailers who have implemented IoT in their stores are allowing shoppers’ personal mobile devices to access the network in a bid to enhance consumer experience. Singapore’s 313@Somerset on Orchard Road features an app that notifies shoppers of promotions as they pass specific stores, made possible by beacon-based indoor positioning and IoT.
But considering the 41 percent of retailers have already suffered from an IoT-related attack, it is clear they need to find a middle ground between delivering an integrated and seamless shopping experience and protecting their network.
Network control through total visibility
Businesses need to move beyond basic network management to a more predictive model as they adapt to the influx of IoT devices on the network. Network managers need more granular information about the devices on the network as visibility is paramount in security. They need to identify what devices or services on the ports are being targeted, and this is leading to a review of protocols and software tools required to build IoT-ready networks.
For added security, network managers adopt an adaptive trust paradigm in which no user or IoT device is trusted until proven safe. Adaptive trust also allows for dynamic profiling of devices as they connect to the network, and this offers network managers with enhanced visibility and information that can used within security policies and troubleshooting.
Businesses are increasingly adopting IoT technology, with more choosing affordability and deploy-ability over security-by-design technologies. The IoT space is set to reach a fever pitch, and most organizations (97 percent) expect IoT to deliver returns within a timeframe of five years. However, security breaches can and will hamper this growth trajectory if not managed properly from the onset. IoT technologies may be the future. But, only businesses that stay on top of IoT security will go on to be successful in the IoT-enabled economy.
This article was contributed by Justin Chiah, Director and General Manager, South East Asia and Taiwan at Aruba, a Hewlett Packard Enterprise company