
    Secure IoT for a safer cyberspace: The challenges and solutions

    By Aravind
    Published on March 15, 2022

    Connectivity is not limited to computers; it also extends to the appliances we use in day-to-day life, contributing to a smarter workplace environment. Post-pandemic, the Internet of Things (IoT) has gained greater significance due to the growing emphasis on contactless technology and the need for remote enforcement and monitoring of COVID-appropriate behavior within office spaces, which includes the effective implementation of social distancing and observing the body temperatures of employees.

    Gartner predicts that 47% of companies plan to increase their investments in IoT despite the COVID-19 onslaught. With the use of IoT devices increasing, the need to secure these devices from adversaries has also risen proportionally. Kaspersky reported that "the first half of 2021 witnessed 1.51 billion breaches of IoT devices, with over 58% done with the intent of cryptocurrency mining, distributed denial-of-service (DDoS) shutdowns or pilfering confidential data."

    The findings further showed that the majority of the compromised devices lacked sufficient security protocols. With IoT devices now integrated with the critical assets of an organization (such as cloud environments), it is important to safeguard them as they could be used as potential vectors to carry out cyberattacks.

    Challenges to IoT security

    Presence of shadow IoT: Shadow IoT refers to the use of unauthorized devices by employees within the office network. The increased usage of personal and unmanaged devices such as smartwatches and speakers leads to a wider threat surface, because these devices may not have the built-in security features approved by the firm. Such endpoint devices can be exploited by threat actors to infiltrate the network.

    To prevent shadow IoT from posing security risks, it is important to isolate such devices in a separate network. The network must allow devices to perform their designated services, while simultaneously examining incoming requests. With the application of the Secure Access Service Edge model, device monitoring is done efficiently due to its emphasis on endpoint security.

    Security posture of third parties: Callous cybersecurity practices by third-party IoT providers can invariably affect their host or customer organizations. One of the main causes of this issue is the lack of a compliance system for standardizing IoT security. Additionally, the lack of firmware updates and debugging solutions will give leeway to attackers to exploit vulnerabilities.

    Such shortcomings can be avoided by implementing software testing and vulnerability assessment measures to test devices for bugs and security gaps, and find solutions to mitigate them. Standardized rules help manufacturers comply with quality-related benchmarks. For instance, the Product Security and Telecommunications Infrastructure bill introduced by the British government aims to formulate cybersecurity standards for the manufacturers and distributors of IoT and other internet-connectable gadgets. Device updates can be delivered on a timely basis through over-the-air updates, with which firmware and software can be remotely updated without the interference of the supporting hardware.

    Lack of authentication methods: Relying on traditional authorization methods poses a major risk of falling victim to credential stuffing, i.e., the compromise of one user account will lead attackers to use the same credentials for unauthorized access across various platforms. A major example is the security breach of IoT-based Ring home security systems, in which over 3,600 accounts were exposed, causing a major violation of individual privacy.

    IoT manufacturers must instill practices that promote better password hygiene such as the addition of special characters and a regular change in passwords to prevent stagnation. Although this practice is economical in its design, it can be highly prone to human error. This is why multi-factor authentication and context-based access must be implemented for better authorization. By recognizing user and device identity for authentication, context-based access can create user-specific credentials that are hard to duplicate and also regulate their scope of access within the platform.
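    A sketch of the context-based access described above, as an added example that is not from the original article: a credential is issued only after a second factor, bound to one user and one device, and limited to named scopes. The key, the function names and the device and scope strings are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, made up for this example


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user, device_id, scopes, mfa_passed, now, ttl=900):
    """Issue a short-lived credential bound to one user and one device, only after MFA."""
    if not mfa_passed:
        raise PermissionError("second factor required")
    claims = {"user": user, "device": device_id, "scopes": sorted(scopes), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def authorize(token, presenting_device, wanted_scope, now):
    """Return (allowed, reason) for a request made with `token` from `presenting_device`."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    # Constant-time comparison; any edit to the claims invalidates the signature.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["device"] != presenting_device:
        # A credential replayed from another device is refused.
        return False, "device mismatch"
    if wanted_scope not in claims["scopes"]:
        return False, "scope not granted"
    return True, "ok"
```

    A credential lifted from one device fails the device check elsewhere, which is the property that password reuse across platforms lacks.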

    IoT Scalability: IoT has penetrated into a multitude of industries, with its applications proving to be instrumental in accelerating their modernization and productivity. For instance, the global pandemic has bolstered the use of Internet of Medical Things (IoMT) systems in healthcare, with a survey by Fortune Business Insights concluding that the global IoMT market has witnessed a 71.3% growth rate in 2020 compared to the annual growth rate in 2017-2019 and is expected to grow from $30.79 billion in 2021 to $187.60 billion in 2028 at a compound annual growth rate of 29.5%.

    As processes steadily adopt IoT applications for automation, they must be scalable: scalability is the ability of systems to process larger volumes of data without any compromise in their quality of service (QoS).

    To build scalable IoT, it is important for systems to be equipped with additional storage solutions that can also ensure better security of information. As we see the expansion of IoT-based concepts in the planning of smart cities, it is essential to have a decentralized storage system in place to accommodate the growing population of IoT devices within a network. This shortcoming can be addressed by implementing clutter-proof technologies like blockchain to store and monitor IoT-based information.

    Blockchain is a distributed ledger that stores information as a series of time-stamped blocks and uses robust encryption techniques like hash pointers to ensure that the stored information is tamper-proof; it can also escalate any unauthorized attempts at decryption. Data stored in a blockchain can also be monitored by authorized parties, making it a transparent and viable medium for enterprises that require real-time tracking. With increased speed of processing transactions and reduction of overhead, blockchain can scale up IoT technologies in terms of security and efficiency.
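    How hash pointers make time-stamped blocks tamper-evident, as an added example that is not from the original article: each block stores the SHA-256 hash of its predecessor, so an edit breaks the chain at that block, and a full rewrite is caught only against a head hash held by another party. The sensor names, readings and function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample telemetry: (unix timestamp, reading)
SAMPLE = [(1647302400, {"sensor": "thermo-1", "temp_c": 36.6}),
          (1647302460, {"sensor": "thermo-1", "temp_c": 39.2}),
          (1647302520, {"sensor": "thermo-1", "temp_c": 36.8})]


def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: block[k] for k in ("index", "timestamp", "data", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, timestamp, data):
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "timestamp": timestamp, "data": dict(data), "prev_hash": prev}
    block["hash"] = block_hash(block)
    chain.append(block)


def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if the chain is consistent."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return None


def demo():
    chain = []
    for ts, data in SAMPLE:
        append_block(chain, ts, data)
    trusted_head = chain[-1]["hash"]      # copy of the head hash held by another party
    chain[1]["data"]["temp_c"] = 36.6     # edit one stored reading
    naive = first_invalid_block(chain)    # detected at the edited block
    for i in range(1, len(chain)):        # recompute every later hash to hide the edit
        chain[i]["prev_hash"] = chain[i - 1]["hash"]
        chain[i]["hash"] = block_hash(chain[i])
    rewritten = first_invalid_block(chain)  # chain is self-consistent again
    return naive, rewritten, chain[-1]["hash"] == trusted_head
```

    The last value shows why the ledger has to be distributed: a locally rewritten chain verifies on its own and is exposed only by comparison with a head hash someone else holds.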

    Why securing IoT is essential

    The rising proliferation of IoT is not only limited to automating industrial and operational processes, but also extends to our day-to-day lives. Additionally, post-pandemic workplaces are witnessing a change in the threat landscape due to the increase in unmanaged IoT. This increasing presence must be accompanied by efficient technological upgrades and practices that ensure the security of IoT-based systems in the face of sophisticated threat actors.
