Every consumer and professional has nearly three devices attached to the internet, and by 2025, that number will jump to 10, according to Digicert and ReRez Research's State of IoT Security Survey, released on Wednesday. Between wearables, intelligent thermostats, car sensors, smart assistants, and more, the Internet of Things (IoT) is exploding, said the report.
However, with 80 billion connected devices worldwide, the surface area for threats has grown even larger, said the report. The report surveyed 700 organizations across five countries, focusing on industries that are known for early adoption of IoT, with companies ranging across sizes.
SEE: Enterprise IoT research: Uses, strategy, and security (Tech Pro Research)
IoT is vital to business, as 83% of respondents reported that IoT is somewhat or extremely important to their business day; that number rose to 92% when asked how important IoT will be in 2020. However, as more IoT is deployed, more security concerns arise, said the report.
To properly assess the state of IoT security, DigiCert separated respondents into three categories: Top-tier, middle-tier, and bottom-tier adopters. The top-tier organizations have the least IoT security problems, while the bottom have the most, said the report. The bottom-tier companies were 38% more likely than top-tier enterprises to lack the necessary IoT security-specific skillsets within their businesses, said the report. Additionally, 25% of these bottom-tier companies have lost at least $34 million in the past couple years due to IoT security issues.
Here are the five tips DigiCert formed to help bottom-tier companies reach the same level of IoT security success as top-tier ones:
1. Review risk: Perform penetration testing to assess the risk of connected devices. Evaluate the risk and build a priority list for addressing primary security concerns, such as authentication and encryption. A strong risk assessment will help assure you do not leave any gaps in your connected security landscape.
2. Encrypt everything: As you evaluate use cases for your connected devices, make sure that all data is encrypted at rest and in transit. Make end-to-end encryption a product requirement to ensure this key security feature is implemented in all of your IoT projects.
3. Authenticate always: Review all of the connections being made to your device, including digital and human to ensure authentication schemes only allow trusted connections to your IoT device. Using digital certificates helps to provide seamless authentication with binded identities tied to cryptographic protocols.
4. Instill integrity: Account for the basics of device and data integrity to include secure boot everytime the device starts up, secure over the air updates and using code signing to ensure the integrity of any code being run on the device.
5. Strategize for scale: Make sure that you have a scalable security framework and architecture ready to support your IoT deployments. Plan accordingly and work with third parties that have ,the scale and focus to help you reach your goals so that you can focus on your company's core
The big takeaways for tech leaders:
- Organizations with more IoT security issues have less on-site IoT security staff. — Digicert, 2018
- If organizations want beef to up IoT security, they must review risk, encrypt everything, always authenticate, instill integrity, and strategize for scale. — DigiCert, 2018
- IoT security: What you should know, what you can do (free PDF) (TechRepublic)
- The future of IoT? State-sponsored attacks, say security professionals (ZDNet)
- Internet of Things (IoT): Cheat sheet (TechRepublic)
- How to create a security strategy for IoT (ZDNet)
- New security certification could make it easier for businesses to get started with IoT (TechRepublic)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.