Securing IoT: Know your network, protect your network
Do you think about the need to secure IoT? It could be a patient monitor, a security camera or a lighting system; every connection to the network is a potential route for attackers. This is quite a new concept to many, but it’s a very real problem. From 3,100 companies surveyed by HPE Aruba, 84 per cent reported experiencing an IoT-related breach.
Across industries like healthcare, government, manufacturing and retail – there are literally thousands of use cases that are relying on IoT. Each one demands a different type of device, potentially a different security protocol, and this creates endless threats.
We need to be able to see these devices, and where they’re connecting, to be able to protect them.
Below is a ‘top 4’ list of industries that have suffered the most IoT-related breaches, with further detail on how IoT is being used in each. This gives an idea of the challenge we face.
1. Healthcare: 89 per cent have suffered an IoT related security breach
By 2019, 87 per cent of healthcare organizations will have adopted IoT technology. Patient monitors and X-ray/imaging devices are some of the most-used IoT devices, to create services like location tracking and remote control of devices.
Knowing the location of medical devices is a huge benefit to patient wellbeing, but security fears cast a big shadow. Nearly half (49 per cent) of healthcare companies reported malware issues on their devices, and 39 per cent reported that human error led to an IoT-related security breach.
2. Government: 85 per cent have suffered an IoT related security breach
When adding new elements to a city infrastructure, governments must balance old and new technology. In the case of IoT, it’s about balancing legacy tech with a secure network to create the smart city, and 49 per cent of government workers find this a particular challenge. Governments are further behind in their adoption of IoT than some industries; 35 per cent of IT decision makers within government roles claim that leadership has little or no understanding of IoT.
This lack of understanding, with limitations of legacy technology within cities and security risks associated with IoT implementation are presenting a huge challenge to the wider development of the smart city.
3. Manufacturing: 82% have suffered an IoT related security breach
The industrial sector understands the need for systems, processes and machines to remain interconnected. For this to happen manufacturers must interconnect and automate services where they can, but right now this could be done more securely. Of those who have already suffered an IoT related security breach, 50 per cent were malware related and 40 per cent were due to human error.
This is a gap that needs closing, particularly as manufactures look to connect devices such as chemical sensors and picking systems to reduce operational risk and maintain operating infrastructures.
4. Retail: 76 per cent have suffered an IoT related security breach
Over half (56 per cent) of retailers who have implemented IoT in their stores are allowing personal mobile devices to access the network in order to enhance the customer experience. Getting in-store promotional messages, based on location, is huge business and IoT can enable that.
But taking into account the 41 per cent of retailers who have already suffered from an IoT related attack because of malware issues, it’s clear that they need to find a middle ground between consumer benefits and protecting their network from attack.
Total network visibility
Across all of these industries, it’s clear that companies need more information about the devices connecting to their network. Network managers require the ability to create policies/permissions around each of them, so that if a device is compromised by malware or human error, it can be identified and removed from the wider network.
When I am speaking with customers, no matter what industry, I’m hearing the same thing. Everyone wants to be fully customized in terms of how they approach the network, while staying secure.
To get there, the network must be totally visible. When analysed and accessed, the information gathered should give you the opportunity to be more granular in pinpointing and securing devices with different levels of threat, while granting different levels of access to different users.
IoT within business is already happening and the growth of its use across all industries is inevitable. Businesses shouldn’t let security threats be the barrier between a market leading or non-competing company, particularly as there are existing solutions to turn IoT into opportunity, not threat.
Jose Vasco is the Regional Director, MEMA at Aruba, a Hewlett Packard Enterprise company.