December 12, 2016 By Scott Koegler 3 min read

Once seen as just a utility to monitor and control a variety of devices, the Internet of Things (IoT) has become a reality. Devices available for IoT deployment range from household products like thermostats and garage door openers to units that control manufacturing systems and robotic devices. Unfortunately, many of these systems were designed without sufficient consideration given to security implications.

I spoke with Emmanuel Schalit, CEO of password management vendor Dashlane, about four challenges IT managers face regarding IoT security.

IoT Complexity

How does the complexity of an IoT deployment impact security and how do enterprises need to protect themselves? According to AT&T’s “CEO’s Guide to Securing the Internet of Things,” 85 percent of enterprises plan to deploy IoT devices, but only 10 percent feel confident that they can secure those devices against cybercriminals. That’s worrisome, considering there are more than 5 billion internet-enabled devices in use today, with more than 20 billion expected by 2020.

“While most hacking of IoT centers on the actual devices themselves, oftentimes the back-end systems that control these devices are just as susceptible to attacks,” Schalit explained.

“So it really begins at the enterprise level, as devices are usually installed inside the secure perimeter of an enterprise network. Unfortunately, that perimeter can be easily penetrated or disabled. On top of that, insider threats, whether malicious or accidental, make up 70 percent of cyberattacks, and they usually originate inside that perimeter. So security is twofold: Secure the network and the things themselves.”

Vulnerabilities Are Everywhere

“Research has repeatedly shown that many IoT device manufacturers and service providers are failing to implement common security measures in their products,” said Schalit. “Consider the fact that many of the IoT devices will have long lives (microwaves, fridges, etc.) and very limited user interface [UI]. Most of them will contain known vulnerabilities for years. IoT devices are everywhere, which means vulnerabilities are everywhere.”

At-risk environments include homes, personal communication devices, automobiles, manufacturing environments, offices and more.

Inexperience and Fragmentation

“The first problem is that many organizations often lack tools and policies to monitor and secure the device,” Schalit explained. According to a recent ForeScout Technologies survey, 30 percent of organizations surveyed lack a specific security solution for their IoT deployment. Additionally, more than a quarter said they did not know if their companies had IoT security policies.

“There is often much fragmentation within enterprise IT,” Schalit continued. “Operations is separate from the information security group, which creates many issues for identifying and managing these technologies. Additionally, passwords ignore the border between home and work. The same person is using the same digital accounts on both sides, as we all do personal things at work and work at home. The same holds for the exposure. An employee who uses the same poor passwords for his personal accounts and his work accounts puts his entire organization at risk.”

Password managers and managed identity services are some of the ways companies can help manage the issue.

Lack of Visibility

As Schalit wrote on Dashlane’s blog: “People are digitizing details of their life at a rapid pace, but they are not replicating basic real-life security behavior. Just think how many people still use the same password for several websites. … Many people tend to underestimate the risks they encounter while using the internet and think they can simply reset their email or cancel bank transactions if they are hacked.”

The nature of cyberrisk has changed. A few years ago, a digital risk was fully contained in a personal computer. Companies protected themselves with antivirus and firewall software. Today, the risk is in the cloud and the devices that connect to it — that is to say, everything.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today