Many companies have now both recognized the development potential of the Internet of Things and developed a growing awareness of the risks involved in all aspects of IoT security. At the same time, however, there is often an increasing lack of concern in the same companies with regard to the daily use of the end devices used in this context. A study by the Palo Alto network surveyed 1900 companies worldwide, including 200 in Germany, each with more than 1000 employees.
IoT: growing market in crisis
The Internet of Things (IoT) is visibly becoming a trend market. The number of devices that are connected to it has been increasing for years. By 2020, it is expected that there will be 30 billion networked devices. That meant an increase of 80 percent last year alone. Industry experts expect 75 billion by 2025.
This development is likely to be driven by the growing trend toward mobile working. In particular, the increased start-up of home offices in 2020 due to the crisis played a major role. However, the security-related weak points of this development became particularly clear here.
IoT security: growing carelessness
Many companies have long allowed their employees to connect their own consumer devices to the IoT network used at work. These can be privately used end devices such as laptops and smartphones. But studies also repeatedly find connected applications that have little to do with work. For example, game consoles and e-cars are linked to company networks, as are sports equipment and smart trash cans. 35 percent of companies surveyed in a study reported cameras for monitoring pets and even automated feeding bowls. 34 percent are discovering smart home applications, such as smart lighting and power installations. Wearable medical measurement devices, such as fitness or diabetes trackers, were also found in reviews by 29 percent. In addition to 57 percent who said they had a complete overview of the devices connected to their networks, 38 percent expressed confidence, but nine percent had to admit they no longer had any insight into their own infrastructure at all.
IoT security: increasing threats
Of the companies surveyed, 84 percent stated in the survey that the security situation for IoT applications had also visibly deteriorated during the current crisis. These statements were not just based on hearsay or perceived impressions. More and more were also able to report their own experiences. 49 percent reported attacks on their industrial IoT structures. 45 percent had already experienced distributed denial of service (DDOS) attacks. And 35 percent reported problems with medical devices in this regard.
IoT security: advice from experts
In the face of such threats, IoT security experts recommend that all users, whether private or commercial, first obtain a precise overview of all devices connected to their network. The second step is to segment the networks. Critical infrastructure, which is essential for maintaining the basic functions of a system, should always be kept separate from less important equipment. A zero-trust approach to new, unknown connections must always be followed. Sustained cyber hygiene, which includes regular updates, security patches and certified authentication procedures, is also strongly encouraged.
More than half of respondents assert they have at least segregated key devices from private apps. Fifteen percent have even implemented micro-segmentation on their end, managing sensitive devices in their own compartmentalized areas. But almost all agree that much more effort is needed to build a satisfactory IoT security architecture.