In a new Palo Alto Networks study, technology leaders have acknowledged they need to step up security to face an IoT influx.Smart teddy bears, implanted heart monitors, electric cars and other connected devices are regularly connecting to corporate networks, prompting technology leaders to warn that significant action should be taken to prevent these devices from being used to hack into businesses.
That’s according to a new report on practices for securing the Internet of Things (IoT) commissioned by Palo Alto Networks, the global cybersecurity specialist, based on a survey of 1,350 IT business decision-makers in 14 countries in Asia, Europe, the Middle East and North America.
Overwhelmingly, respondents report a rise in the number of IoT devices connecting to their networks over the last year. Among the connected trash cans, light bulbs and hand sanitiser stations, one red flag emerged: 41% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 17% said that a complete overhaul is needed, amounting to more than half of those polled.
Nearly one in four of those surveyed at organisations with at least 1,000 employees reported that they have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks. Only 21% reported following best practices of using microsegmentation to contain IoT devices in their own tightly controlled security zones.
“Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” says Tanner Johnson, senior cybersecurity analyst at Omdia. “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”
Palo Alto Networks released the survey as part of its ongoing efforts to shed light on security threats posed by the surge in deployment of internet-connected devices. Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from 8 billion last year.
“Devices that employees innocently bring onto an organization’s network are often not built with security in mind, and can be easy gateways to a company’s most important information and systems,” comments May Wang, senior distinguished engineer at Palo Alto Networks. “To address that threat, security teams need to be able to spot new devices, assess their risk, determine their normal behaviors and quickly apply security policies.”
Greg Day, VP and CSO EMEA, Palo Alto Networks adds: “The research shows there’s more we need to do to close the gap in IoT security strategy, especially as technology teams deal with the proliferation of such a diversity of connected devices at a dizzying pace.”
“Visibility really is key to both realising the business opportunity and understanding the risks of IoT. This is because most devices use proprietary methods, which are increasingly encrypted. If you cannot tell what a thing is or what normal looks like, how can you define what it should be able to access and why? More critically, how do you spot a change, that could be good, new capabilities or bad with the device being used as a gateway for attack,” he adds.
“With the influx of IoT, including through the supply chain sub-dependencies the add, organisations should not assume they are adequately secured. There is a lack of standardisation in security controls and the value of IoT devices varies so wildly between a few to millions of euros. So, we can’t expect the same investment in security controls when the IoT asset value varies so greatly,” Day concludes. “IT and security teams need to embrace visibility of IoTs and then segment both their critical digital business assets and align IoT things only to the business processes required. In other words, micro-segmentation.”
Survey methodology
Palo Alto Networks commissioned technology research firm Vanson Bourne, which polled 1,350 IT business decision-makers in 14 countries across Asia, Europe, the Middle East and North America.
Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow
