April 26, 2018 By Kacy Zurkus 3 min read

I’ll give you fair warning — what I am about to say is going to blow your mind: Connected devices are insecure. Take a moment if you need it.

While I jest, these realities are not breaking news. But if the devices themselves are insecure, is end-to-end security of the Internet of Things (IoT) even possible? And if it is possible, is it so costly that only the big guys can afford it?

Keeping Pace With IoT Security Threats

The threats from these devices will only increase, given that the number of connected devices is expected to proliferate to 125 billion by 2030. As the device population increases, so does the population of cybercriminals who can seize control of corporate devices with very affordable and widely accessible distributed denial-of-service (DDoS)-as-a-service products.

IoT security has been a top cybersecurity concern for the past three consecutive years. However, IoT developers lag when it comes to building security into devices. In fact, some developers have conceded to the challenges of securing every line of code and have begun securing critical systems exclusively. By failing to protect lines of code that are deemed less critical, these developers leave backdoors open to attackers.

The U.K. government recently called for device manufacturers to build security into their products. While there are currently no regulations related to IoT security, the hope is that this decree will make devices themselves more secure. However, as Mark Weir, director of cybersecurity at Cisco U.K. and Ireland, explained, “To ensure our nation collectively remains safe, we must ensure that smart devices are connected to a network that is equally as secure end-to-end, providing full visibility to any threats as they emerge so that they can be contained and dealt with responsibly.”

Enterprises that rely on the widespread use of connected devices for business productivity need to understand how to achieve strong network security. To that end, a recent Institute of Electrical and Electronics Engineers (IEEE) white paper offered best practices for securing connected devices, networks and IoT systems. When talking about IoT security, many leaders in the industry believe that new and emerging technologies have the potential to make end-to-end security not only possible, but also financially feasible.

Shifting Left of Boom

Mustering the resources to defend organizations in today’s complex digital environment takes grit. The beloved Atticus Finch of Harper Lee’s famous “To Kill a Mockingbird” might even say that it takes courage: “It’s when you know you’re licked before you begin but you begin anyway and you see it through no matter what. You rarely win, but sometimes you do.”

Josh Lefkowitz, CEO and co-founder of Flashpoint, echoed Finch’s sage advice: “The landscape is so incredibly complex, dynamic and multivariable that no solution on earth is ever going to deliver 100 percent proactive coverage,” he said. However, organizations should strive to be as “left-of-incident” as possible, thereby minimizing the window during which attackers can inflict damage.

But how can security teams get left of boom when the task of manually monitoring network devices and system administrators is so resource- and time-intensive? According to Chris Morales, head of security analytics at Vectra, “It is crucial to have visibility inside the network that can adapt to the dynamics of growth and change.” Organizations should also invest in technology that automates real-time analysis of communication, administrators, devices and human behaviors.

Any conversation about security must also look at issues with legacy systems, according to Jon Oltsik, senior principal analyst at ESG. There are numerous tools available for managing mobile and endpoint devices and protecting data, all of which require administrator training and different management consoles that must be tested, deployed and operated. Organizations should consider whether a unified endpoint management (UEM) platform is a viable solution for the challenges in their environments.

“These days, we have public clouds, big data technologies, open source, artificial intelligence, etc. In other words, modern compute, network and storage technologies should be able to overcome the challenges we faced 20 or more years ago,” Oltsik wrote.

No Easy Fix for End-to-End IoT Security

The problem is that IoT security is not an easy fix, as noted by Kamal Anand, vice president of cloud business unit at A10 Networks, in a 2017 report titled “Cybersecurity in an IoT and Mobile World.” The report shared expert opinions on how to change the tide of the cybersecurity arms race. Like Oltsik, Anand said he is optimistic about technology and the potential of AI and machine learning to help gain some ground on the virtual battlefield.

By implementing device security, data protection and cognitive risk management tools while proactively gathering threat intelligence across the IoT landscape, organizations can build toward end-to-end security. Successful IoT security efforts start with knowing the risks to the network and understanding the way IoT devices interact with corporate data. Security teams should also be sure to change default passwords and credentials. These basic best practices can help security leaders make a stronger business case for investing in the tools and resources necessary to proactively defend against IoT threats.

Listen to the podcast series: Five Indisputable Facts about IoT Security

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today