Top Internet of Things Daily & Weekly

The Real IoT Opportunity for Enterprises? A Chance to Address Security Risks Head On

The Real #IoT Opportunity for Enterprises? A Chance to Address Security Risks Head On

  • To underscore the realness of the IoT, and why it’s critical for organizations not to dismiss IoT security risks, just consider what’s happening in the threat landscape.
  • Martin Lee summed up the unique but fleeting security opportunity that the IoT presents to defenders in a recent blog post: “As the world builds the infrastructure and deploys the devices that comprise the IoT, we as a society have the opportunity to apply the decades of good practices learned as part of the development of the Internet—including painful lessons about the importance of security.”
  • A top priority for all enterprises: more visibility

    In the Cisco 2017 Midyear Cybersecurity Report, we outline several of the “good practices” that security teams should apply to IoT devices.

  • But IoT devices typically lag well behind desktop security capabilities and have vulnerability issues that can take months or years to resolve and even with some issues never being addressed.
  • For organizations, gaining that confidence will hinge on developing a proactive approach to security and a layered defense strategy—and understanding that every insecure IoT device, large or small, connected to their corporate network creates a security gap for attackers to exploit.

When business leaders think about the Internet of Things (IoT), they tend to focus on the potential opportunities for the enterprise and give far less attention to security risks. That’s a mistake. So, too, is believing that the IoT is only a concept on the distant horizon. The IoT already exists and is expanding rapidly. In fact, according to Gartner, at the end of 2016 more than 6 billion Internet-connected devices were in use worldwide; the research firm projects that by 2020, the number will exceed 20 billion.

@CiscoSecurity: The Real #IoT Opportunity for Enterprises? A Chance to Address Security Risks Head On

Craig Williams – August 2, 2017 – 1 Comment

When business leaders think about the Internet of Things (IoT), they tend to focus on the potential opportunities for the enterprise and give far less attention to security risks. That’s a mistake. So, too, is believing that the IoT is only a concept on the distant horizon. The IoT already exists and is expanding rapidly. In fact, according to Gartner, at the end of 2016 more than 6 billion Internet-connected devices were in use worldwide; the research firm projects that by 2020, the number will exceed 20 billion.

To underscore the realness of the IoT, and why it’s critical for organizations not to dismiss IoT security risks, just consider what’s happening in the threat landscape. First, IoT botnets, and their population, are growing larger every day. And IoT-driven DDoS attacks of significant power—over 1 TBps—are actually last year’s news. (The Cisco 2017 Midyear Cybersecurity Report, which features IoT botnet research discusses these developments in detail.)

So, the IoT and IoT-related threats are very real. A massive compromise of IoT devices has the potential to severely disrupt not only organizations, but also the Internet itself. Fortunately, we are still in the early days of the IoT, which means there’s still time for defenders to do their part to help secure it.

Martin Lee summed up the unique but fleeting security opportunity that the IoT presents to defenders in a recent blog post: “As the world builds the infrastructure and deploys the devices that comprise the IoT, we as a society have the opportunity to apply the decades of good practices learned as part of the development of the Internet—including painful lessons about the importance of security.”

A top priority for all enterprises: more visibility

In the Cisco 2017 Midyear Cybersecurity Report, we outline several of the “good practices” that security teams should apply to IoT devices. Implementing patches promptly and employing IPS defenses are just two of our recommendations. These devices are computers and, therefore, require the same security measures as any other networked machine. But IoT devices typically lag well behind desktop security capabilities and have vulnerability issues that can take months or years to resolve and even with some issues never being addressed.

The top IoT security priority for any organization, though, should be gaining visibility into their budding IoT environment. This is a critical first step to IoT security. Enterprises need to know what IoT devices are connected to their network today and study how they are behaving.

If organizations have no idea what computers, of any size or type, are on their network, and what those computers are touching, how they’re interacting with other devices, and what their normal network traffic patterns are, then they can’t even begin to secure their network. And that lack of visibility will only get worse as the number of IoT connections grows exponentially over time, and as IT and operational technology (OT) systems become increasingly more integrated. Without visibility IoT devices offer our adversaries a safe haven inside our network. A place to observe, plan, and carry out future attacks.

Defenders must act now to address IoT security, or risk repeating critical mistakes that we made when building the Internet. This time, we all know better.

Borrowing again from my colleague’s blog post: “For businesses and consumers to truly embrace the convenience and power of IoT, they must feel fully confident that we’re building IoT with security foremost in mind.” For organizations, gaining that confidence will hinge on developing a proactive approach to security and a layered defense strategy—and understanding that every insecure IoT device, large or small, connected to their corporate network creates a security gap for attackers to exploit.

Read more about IoT-related threats and other security trends in the Cisco 2017 Midyear Cybersecurity Report.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.

The Real IoT Opportunity for Enterprises? A Chance to Address Security Risks Head On