As the number of IoT devices increases, so does the risk of attack from known and unknown threats. The 2023 IoT Security Benchmark Report shows how organizations are using advanced IoT security to protect connected devices.
The number of connected IoT devices will continue to grow in the coming years, reaching an average of over 2025 devices per company by 9.000. Unfortunately, most existing IoT security solutions do not have any built-in prevention or enforcement measures. They often use legacy, signature-based detection methods that focus on known devices. Poor IoT security has been a factor in several high-profile security incidents over the past few years, including those at SolarWinds and Colonial Pipeline, which ultimately cost billions to fix.
IoT-related attacks are common
The 2023 IoT Security Benchmark Report from Palo Alto Networks in partnership with Starfleet Research shows how organizations are using advanced IoT security to protect connected devices from known and unknown threats. The report was developed by Starfleet Research, a global leader in benchmarking best practices in technology-enabled business initiatives. A team of subject matter experts employed primary and secondary research techniques that involved IT and cybersecurity leaders, IT staff, and other industry professionals with first-hand experience of IoT security in their organizations. 81 percent of security leaders said their organizations had experienced an IoT-related attack in the past year. Below are some other key findings from the study.
The size and scope of IoT across different industries
The number of connected network devices in corporate networks has increased from an average of 700 devices in 2020 to more than 3.000 devices in 2022. Experts agree that this number will continue to grow exponentially across all industries. The use of IoT devices across a range of sectors encompasses different use cases.
- Healthcare: wearable devices (e.g. fitness trackers, smartwatches), pacemakers, blood pressure monitors, connected hospital equipment (e.g. MRI machines, X-ray machines).
- Manufacturing: RFID labels, sensors, cameras, controllers.
- Hospitality: smart locks, thermostats, sensor-based lighting, energy management systems.
- Retail: Beacons, interactive displays, connected fitting rooms, connected packaging
- Financial services: ATM sensors, NFC-enabled devices (e.g. smartphones, smartwatches), CCTV cameras, authentication tools.
- Authorities: traffic monitoring, air quality monitoring, road safety, smart trash cans, smart water meters.
The dark side of rapid IoT growth
The risks posed by connected devices threaten to erode the benefits of increasing productivity, efficiency and revenue. IoT device manufacturers have not always done everything they can to protect them. 86 percent of those responsible for security are of the opinion that manufacturers protect their IoT devices from attacks "poorly" or "very poorly". IoT devices are often designed by manufacturers with convenience in mind, sometimes at the expense of security. In short, IoT devices often ship with vulnerabilities, run unsupported operating systems, are difficult to patch, and lack communication encryption. This leaves IoT devices vulnerable to medium- or high-severity attacks.
Challenges in protecting connected devices
Understanding the challenges organizations face in securing IoT devices will help in choosing solutions. Below are some of the most frequently cited challenges:
- Complexity of ecosystems of connected devices
- Impossibility to obtain full transparency
- Different security levels
- Inadequate security features
- Lack of network segmentation
- Unencrypted Data
- Limited security standards
- Compliance Requirements
- Insufficient time and financial resources
To meet these challenges, organizations need to rethink their security strategy. Connected devices must be integrated into security frameworks to close these risky gaps and mitigate vulnerabilities in a growing attack surface.
Zero trust approach and device security
In a Zero Trust system, an organization must verify and authenticate all devices and users before granting them access to resources. The Zero Trust approach to IoT security protects an organization by eliminating implicit trust and continuously auditing every phase of digital interaction. With Zero Trust, no device or user is automatically trusted, whether they are on or off a network. Zero Trust provides a viable and effective security paradigm that can be deployed to protect the hundreds of thousands of connected devices deployed in enterprise ecosystems.
How industry leaders protect connected devices
Successful IoT security strategies are based on a zero trust approach. The strategy should also integrate a purpose-built IoT security solution into existing security systems, such as B. Platforms for protecting endpoints and systems for detecting and responding to intruders.
Industry-leading companies are implementing an IoT security solution that uses machine learning to detect vulnerabilities and suspicious activity, even those never seen before. Additionally, IoT security runs continuously, with automated zero-trust security, and is deployed on a highly scalable cloud architecture. Other features of the industry-leading IoT security solution include:
- Ability to discover all - known and unknown - IoT devices on the network
- Functions for assessing compliance
- Analysis of device behavior to create baselines and detect anomalous activity
- Protection against known, unknown, and zero-day threats
- Least privileged access policy recommendations and enforcement capabilities
- Easy integration with other security and IT systems
Take advantage of connected devices risk-free
Palo Alto Networks concludes: Companies across multiple industries have increased their productivity, efficiency, and revenue through the use of IoT devices. When leaders take the time to understand IoT security, the challenges, and the solutions deployed by industry leaders, they can reap the benefits of connected devices while minimizing the risks.
More at PaloAltoNetworks.com
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.
Matching articles on the topic