sb-nz logo
Story image

The growing importance of IoT security

30 Jan 2020

Article by Palo Alto Networks vice president and regional chief security officer, Asia Pacific and Japan, Sean Duca.

The value of the Internet of Things (IoT) devices being used in homes reached more than $1 billion in 2019 and is forecast to reach $5.3 billion by 2023, according to industry analyst Telsyte.

This wholehearted embracing of IoT by businesses and consumers alike means that Australia will be awash with IoT devices in the next few years. The benefits are enormous, opening up opportunities to increase safety, productivity, and convenience. Recent PwC research showed that IoT could achieve potential annual benefits of more than $300 billion per year over a period of eight to 18 years. However, these devices can also create a significant security risk if not managed properly.

While consumer-facing risks are real, there are also more insidious risks that are often not considered in the IoT discussion. For example, if IoT devices controlling public utilities such as energy and water are compromised, the risks to public safety can be enormous through contaminated water or interruption to the electricity supply. If businesses’ IoT sensors are compromised, the results can include massive compliance and legal issues not to mention financial and brand implications.

Organisations are increasingly relying on IoT devices to improve productivity and safety, and the results are overwhelmingly positive. However, it’s essential for these businesses to avoid becoming complacent when it comes to securing IoT devices. Just one unsecured device can create a gateway into the organisation’s network and cybercriminals can then have free reign to sabotage operations, steal information, create havoc, and damage organisations irrecoverably.

One of the key security risks to be aware of with IoT devices and networks is that some manufacturers don’t take device security seriously and tend not to include some basic security functions. It’s therefore mandatory for users to purchase and implement a robust measures to protect their IoT devices.

Securing IoT devices doesn’t have to be overly complex or costly. It’s simply a matter of including the IoT devices in an organisation’s overall security posture, which should already include the ability to detect IoT devices on their network, the risks associated with them and segmenting access and communication to them. Users should never leave IoT devices with the factory-installed username and password; they should always assign new and unique usernames and passwords to new devices.

It’s also important to be realistic about what things should be connected. Some IoT devices are simply gimmicks that don’t offer the same tangible benefits as others. If a device doesn’t need to be connected, businesses should avoid connecting it.

IoT devices should be treated like any other endpoint device and secured accordingly. Network segmentation, zero-trust approaches, strong passwords and where possible, multifactor authentication, and preventing users from connecting personal IoT devices to corporate networks are all important IoT security hygiene.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Dell Technologies unveils new data protection innovations for hybrid cloud workloads
The Dell EMC PowerProtect Backup Service, powered by Druva, is designed to deliver SaaS app protection without increasing IT complexity.More
Story image
From Me to We: Partnerships & multiparty systems in the post-COVID-19 age
MPS is all about sharing data infrastructure between people and organisations - think along the lines of blockchain, distributed databases and ledgers.More
Story image
Hackers offering forged “official” COVID vaccination certificates and negative test results on dark net 
There has been a 350% increase in the number of advertisements selling alleged COVID vaccines within the last three months.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More