A recent Omdia-Syniverse IoT Enterprise survey notes security as the biggest hurdle to IoT growth, with 50% of respondents stating the ability to ensure data, network, and device security as their top concerns. Even our government prioritized security near the top, recently putting the Internet of Things (IoT) Cybersecurity Improvement Act into law. But hackers are still making hay while the sun shines.

IoT security vulnerabilities come in many shapes and sizes, spanning verticals and posing threats at the user, device, and network levels. Take healthcare, for example. As of March 2019, some 60% of healthcare organizations introduced IoT devices into facilities. Nearly 90% of healthcare firms plan to implement IoT tech this year. According to the Herjavec Group, 57% of healthcare organizations have experienced more than five data breaches over the last three years. And over 95% of healthcare organizations have experienced at least one data breach in that time.

Inconsistent device production standards paired with poor maintenance and updates are providing fertile ground for nefarious acts. With the abovementioned legislation in place, manufacturers are tasked with meeting more rigorous NIST standards and better communicating information on device end of life or length of support, how customers can report vulnerabilities, and update availability.

Preventing your organization from becoming front-page news means ensuring there is no weakest link. According to Cybercrime, on average, each medical device possesses 6.2 vulnerabilities, offering hackers easy access to a hospital network and critical data. The FDA and DHS noted third-party communications software was a prevalent access point pre-pandemic. The mass migration of the workforce home didn't help matters, as the theater of attack vectors has now increased dramatically. Your Alexa is a much easier target than you think.

At the user level, mitigating risk starts with a strong password. In 2019, 80% of data breaches were caused by password compromise. Fun fact: the average person reuses the same password 14 times. Nearly 50% of workers use the same passwords for both work and personal accounts. Complexity is your friend when creating your password.

Now that we've laid out some of the scary truth, let's talk solutions.

  • Proactively monitor and manage your devices and network traffic
  • Vet your software/hardware providers: Know that you should expect regular software updates and patches. Know the product/service/solution going into your network and how to best maintain it. Test it. Then test it again. Do your due diligence.
  • Training, training, and training: We live in an era of change. COVID-19 accelerated deployment plans, pedal to the metal style. It's time for a refresher on 'what links not to click' and 'password is not a password', with a new section on 'how/where you should be connecting to network resources.'

The modern cat and mouse game of security is something Tom and Jerry would admire, but it is no laughing matter. Each connection - personal or business - can open a gateway with no way of recovering from the consequences.

Disclaimer

Extreme Networks Inc. published this content on 04 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 04 January 2021 21:55:03 UTC