Why IoT Security Needs A Rethink

by Sohini Bagchi    Apr 06, 2018

iot security

IoT devices and equipment is creating daunting security challenges. According to a recent Deloitte poll, 40 percent of professionals report that managing increasing amounts of data and connected device (Internet of Things) security pose the greatest cybersecurity challenges to their organization over the next 12 months.

Respondents also identified third parties/extended enterprise (16.3 percent) and managing digital identities (13.5 percent) as the next largest challenges. Yet, only 14 percent report their organization’s cybersecurity program as mature, with cyber risk managed holistically across the enterprise.

“The hyperconnected and increasingly intelligent nature of today’s world requires organizations to continually rethink their approach toward cybersecurity,” said Irfan Saif, Deloitte Risk and Financial Advisory Cyber Risk Services principal, Deloitte & Touche LLP. “Cyber risk is more ubiquitous than ever before, and has to be embedded into the very crux of business operations in order to manage the challenges that organizations are facing now – and to prepare for new challenges that will undoubtedly arise in the future.

“When asked how confident they are in their organization’s ability to manage cyber risk and information security, fewer than 1 in 5 (19.4 percent) said they are “very confident.” And when it comes to mitigating attacks on digital identities, the poll reveals nearly 30 percent of respondents report the rise of cloud computing and mobile internet access as the greatest challenge.”With digital identities at the core of how systems are accessed and used, recognizing where and how to leverage automation and robotics is important to achieving better scale and speed of execution while simultaneously protecting the organization’s valuable assets,” added Emily Mossburg, Deloitte Risk and Financial Advisory Cyber Risk Services principal, Deloitte & Touche LLP.

“Organizations are also shifting the way they maintain and manage data by storing more of it in the cloud, which adds complexity and an additional layer of risk. Addressing cyber risk as a core principle from the onset can help to better mitigate these risks and both accelerate and enhance the potential outcomes of digital transformation initiatives,” said Mossburg.

Despite the steady year-over-year growth in worldwide spending, Gartner predicts that through 2020, the biggest inhibitor to growth for IoT security will come from a lack of prioritization and implementation of security best practices and tools in IoT initiative planning.  

Another Gartner survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years. To protect against those threats Gartner, Inc. forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion. 

“In IoT initiatives, organizations often don’t have control over the source and nature of the software and hardware being utilized by smart connected devices,” said Ruggero Contu, research director at Gartner.

“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity. These factors will be the main drivers of spending growth for the forecast period with spending on IoT security expected to reach $3.1 billion in 2021.”

When considering how to strategically leverage cyber risk as a business advantage, researchers believe that companies should take into account the following:

- Rethink the approach. Consider the end-to-end process and evaluate cyber risk at the earliest stages of innovation to drive business transformation.

- Utilize automation, robotics and analytics to manage velocity and scale in domains such as IoT and mobile.

- Use digital identity to manage human and machine credentials.

- Focus on user experience and usability to drive adoption and simplify design, mitigating cyber risk at the outset.