Leo PortalIn the realm of smart city innovation and the IoT security emerges as a critical concern. Studies, such as the one commissioned by Viakoo, shed light on the vulnerabilities prevalent in IoT networks. Key findings reveal that a significant portion of IT leaders grapple with IoT’s security challenges, with half expressing concerns about its susceptibility within their security frameworks. Moreover, the study highlights a staggering 50% of businesses encountering cyberattacks targeting IoT infrastructure, a concerning trend that jeopardizes business operations. Kunal Modasiya, a cybersecurity expert at Qualys, emphasizes the dynamic nature of IoT security, emphasizing the need for real-time risk assessment to counter threats posed by rogue devices.
Addressing these vulnerabilities demands a multifaceted approach, as underscored by Sarah Jones, an analyst specializing in cyber threat intelligence. She advocates for comprehensive strategies encompassing risk assessments, zero-trust frameworks, and automated patching mechanisms. Furthermore, John Bambenek, President of Bambenek Consulting, suggests leveraging case studies to elucidate the tangible impacts of IoT breaches, crucial for board-level understanding and decision-making.
In navigating the complexities of IoT security, it becomes evident that proactive measures, informed by robust risk assessments and collaboration with trusted vendors, are imperative. Organizations must prioritize remediation efforts, bolstered by effective communication strategies to garner stakeholder buy-in and ensure the resilience of IoT ecosystems against emerging threats.
Half of IT leaders think that the Internet of Things (IoT) is the weakest component of their security efforts.
The study, which Viakoo commissioned, provides important insights into the state of IoT security and the difficulties facing IT and security executives. Additionally, according to the survey, 50 % of businesses have experienced IoT cyberattacks over the past year, with 44 % being severe and 22 % putting their business operations at risk.
Because these devices come and go and frequently include rogue devices that don’t need access ( such as a smart toothbrush in an employee’s backpack ), there is a “real-time” factor to the risk assessment of IoT security, according to Kunal Modasiya, vice president of product management, cybersecurity asset management at Qualys.
Some businesses rely solely on IP scanning or API-based integrations for their asset inventory, which cannot track those devices in real-time, to gain visibility into IoT devices on their networks.
The implementation of the appropriate technology stack for Wifi security is the key to addressing these flaws, according to the Viakoo report. Only a third ( 35 % ) of IT leaders feel successful in their efforts to fix IoT vulnerabilities, despite 90 % of IT leaders believing agentless security solutions are essential. Moreover, 71 % of IT leaders regret not launching their Wifi security plans in a way that will speed up the remediation of vulnerabilities.
Additionally, 83 % of IT leaders support a corresponding remediation strategy and acknowledge that their attack surface has grown incrementally.
Comprehensive Risk Mitigation Strategies for IoT Security
According to Sarah Jones, an analyst for cyber threat intelligence research at Critical Start,” to build confidence in IoT security plans requires a multidimensional approach that includes numerous strategies and tactics to properly mitigate risks and safeguard organizational assets.”
The security expert added that, in addition to prioritizing vulnerabilities based on impact and exploitability, conducting ordinary risk assessments, and putting forth a zero-trust strategy. While standardizing configurations and incorporating security into device development helps address vulnerabilities quick, automating vulnerability scanning and patching speeds up remediation. For continuous security updates, working with trusted vendors is also important.
The best tools for IoT discussion are case studies of near-peers who have encountered issues, according to John Bambenek, President of Bambenek Consulting.
Boards “know that a competitor had an IoT breach that caused the company to go offline for days, leading to shed revenue,” but they are never going to comprehend the specifics of an embedded operating system. Clearly demonstrate that others have taken advantage of the risks, and at what cost?
