Enterprise IoT Security
Security & Architecture
The Momenta Team
Trust becomes essential as more individuals and businesses rely on connected services online. For organizations including corporations, utilities and the public sector, the risks of network intrusions, denial-of-service attacks, sabotage and theft of intellectual property rise as operational systems increasingly become connected to the Internet.
IT security for business is analogous to physical security, demanding a broad-based approach with multiple layers of protection. The market remains dynamic, with new innovations emerging to address constantly evolving threats as maturing sub-segments are subsumed into broader, converged offerings.
Security is a critical component for IoT applications
The Internet of Things (IoT) is seeing an exponential rise in connections, applications, communications and commerce, information and systems that are increasingly vulnerable to threats. Trust is critical. Securing systems becomes increasingly challenging with the exponential growth of connected devices and applications as architectures become more distributed. Threats continue to become more pervasive, driven by technological advances and the growing involvement of organized crime and governments.
What are the security implications of connected devices?
The infamous Target data breach was originally caused by criminals in store parking lots hacking the air conditioning system. Samsung’s Smart TV, Amazon Alexa, Google Home and other smart devices use voice recognition software, so no conversation is private – note that Amazon recently disclosed that conversations recorded from its Alexa devices were accessed by contractors. Cars today typically have over 250 microchips with potential vulnerabilities. Airplanes are also hackable – we’ve seen a computer security expert hack an airplane in a demo to make it fly sideways. Cybercrime itself is going 3D with robots and other advanced technologies. Drug dealers are flying drones to find other dealers they can steal from. Drones in swarm formation can be a threat if they are armed and drones can be hacked as well.
Connected devices are prone to vulnerabilities
A 2016 survey by HP’s Fortify division found that 35% of applications scanned exhibit at least one critical or high-severity vulnerability. Additionally, Fortify found an average of 25 vulnerabilities per Internet-connected device, a sample that included TVs, webcams, thermostats, remote power outlets, sprinklers, door locks, home alarms, scales and garage openers. One of the biggest issues gating adoption of consumer IoT solutions will be the need for users to be comfortable that their privacy and personal data are secure.
The Growing Risks of IoT devices
Corporate executives are increasingly aware of threats, but admit there is still insufficient attention paid to security of connected devices. A May 2019 study by Shared Assessments and the Ponemon Institute on IoT risk, “Companies Don’t Know What They Don’t Know” surveyed 625 leading corporate governance and risk executives. Some concerning results include:
- 26% had experienced a data breach caused by unsecured IoT devices
- 84% expect a likely data breach caused by an IoT device
- 87% believe an IoT-launched attack, such as a distributed denial of service, will be very likely to occur in the next two years
- 27% say boards of directors require assurances that IoT risk is being assessed, managed and monitored
- Only 11% say their organizations currently educate employees about risks created by IoT devices in the workplace
Data breaches target organizations of all sizes
Cybercriminals target personal information of customers stored in the systems of websites and business, and regulations typically require that companies disclose incidents that have resulted in the theft of data. According to the 2019 MidYear QuickView Data Breach Report, the first six months of 2019 there were over 3,800 publicly disclosed breaches exposing nearly 4.1 billion compromised records, with 3.2 billion of those records exposed by just eight breaches.
Earlier this year, the largest collection of leaked data in history was posted online by security researcher Troy Hunt, who discovered a dataset comprising more than 772 million email addresses and 21 million passwords in a package of 12,000 files. According to Hunt the files contained over 1.1 billion unique combinations of email addresses and passwords, made up of numerous data breaches from thousands of different sources with the data likely used for credential stuffing, which cybercriminals use to bulk test combinations of email addresses and passwords.
Architectural transitions compel new thinking
The adoption of mobile and cloud computing creates challenges for security and compliance. Cloud computing impacts multiple areas of concern for businesses: governance (how can organizations ensure that cloud-service providers comply with corporate and regulatory requirements); data (where is the data physically stored, how is it protected); identity (how to federate authentication and access controls across different hosted environments); communications (how to ensure that data in transit is kept secure) and other considerations. New vectors are constantly emerging for vulnerabilities including Android, industrial control systems and other connected devices.
Increasingly, there’s the realization that attacks cannot be completely prevented - rather strategies need to focus on rapid mitigation and risk management instead. There’s a lot of work currently on incorporating machine learning and artificial intelligence to detect and remediate threats, and we look at the most innovative startups as well as large organizations to lead the way.
Want to learn more about the potential threats to IoT security? Join us for a webinar presentation, Enterprise IoT Security: Connect and Protect on Thursday, October 24th where we will examine the security issues of today.
Momenta Partners encompasses leading Strategic Advisory, Talent, and Venture practices. We’re the guiding hand behind leading industrials’ IoT strategies, over 200 IoT leadership placements, and 25+ young IoT disruptors. Schedule a free consultation to learn more about our Connected Industry practice.