Problems with IoT Security May Be Costing You Money — but How Much?

It’s no fun losing money. But when it comes to securing your IoT (Internet of Things) endpoints and defending your network from cyberattacks, you might be losing a lot, year over year. In DigiCert’s recently released 2018 State of IoT Security survey, 700 organizations around the world were surveyed to find out how enterprises are handling IoT security. What they found should be a wake-up call for all companies. 

The Problem: Multiplying Points of Entry for Hackers 

IoT makes processes, automation, and data collection extremely efficient. Unfortunately, it also makes things easier for hackers. We will soon have over 80 billion connected devices in the world. That means an enormous threat surface to defend—one that’s growing faster than most can keep up. In fact, we’re already seeing wave after wave of DDoS attacks, often taking advantage of IoT devices. And if the experts are right, this is just the beginning.   

Hackers Are Finding Your Weak Spots 

The survey reveals how security failures at companies are impacting their ability to resist attacks. Respondents were asked about IoT-related security mishaps their organizations experienced within the past two years. As you might expect, companies struggling the most with IoT implementation are much more likely to experience IoT-related security incidents. Companies that were the least successful in IoT security were: 

• 6x more likely to have experienced IoT-based Denial of Service attacks 
• 6x more likely to have experienced unauthorized access to IoT devices 
• 6x more likely to have experienced IoT-based data breaches 
• 4.5x more likely to have experienced IoT-based malware or ransomware attacks 

But what does that translate to in terms of a real-dollar-hit to the bottom line? 

IoT Security Losses Add Up 

Among the companies struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. The top-five areas for costs incurred included: 

• Monetary damages  
• Lost productivity  
• Legal/compliance penalties  
• Lost reputation  
• Stock price  

Keys to Successful IoT Security  

The survey indicates the most common security measures practiced by the most successful companies in IoT security are authentication and identity, encryption, and data integrity. The results present a strong case, that good security practices have a real impact. These security successes are due to the following practices: 

• Encrypting sensitive data 
• Ensuring integrity of data in transit 
• Scaling security measures 
• Securing over-the-air updates 
• Securing software-based encryption key storage 

5 Things you Should be Doing to Secure your IoT Endpoints 

This survey highlights security best practices to help companies with IoT to realize success. Below are a few recommendations to help you implement good security practices: 

1. Review risk: Analyze all types of connected devices that are or could be connected to your network and what purpose connectivity serves.  
2. Encrypt everything: Make end-to-end encryption a product requirement to ensure this key security feature is implemented in your IoT projects.  
3. Authenticate always: User-initiated authentication schemes tend to be clumsy and rely upon an untrained person to properly authenticate. Using digital certificates helps to provide seamless authentication with binded identities tied to cryptographic protocols.  
4. Instill integrity: Make sure that you are accounting for the basics of device and data integrity: a secure boot every time the device starts up, secure over-the-air updates to device firmware, and make sure only signed, tamper-proof code may run on the device.  
5. Strategize for scale: Make sure that you have a scalable security framework and architecture ready to support your IoT deployments.   

Don’t Wait to Tighten Your Security 

Despite the ever-expanding threat surface brought on by IoT, you can build and sustain a successful cybersecurity strategy now by implementing key security features such as authentication, encryption and integrity via digital certificate.