IoT Security: Lack of best practices will cost you

IoT Security: Lack of best practices will cost you

Five IoT security best practices help organizations ward off security missteps and mitigate costs when they do occur

81 readers like this


December 14, 2018
Internet of Things mobile phone wifi

As the saying goes, "the only unfair fight is the one you lose.” When companies deploy  Internet of Things devices, whether they know it or not, they enter a war with attackers. Without a proper plan, the right technologies, and flawless execution, they will eventually fall victim to an attack. As with any battle, winning requires planning, having experts within their field, securing assets, and executing with precision.

The 2018 State of IoT Security report, conducted in September 2018 by ReRez Research and commissioned by DigiCert, Inc., queried 700 enterprise organizations in the US, UK, Germany, France, and Japan from across critical infrastructure industries. The findings: The fight is on, and enterprises are incurring significant economic losses from the lack of implementing best practices as they deploy IoT. Among companies surveyed that are struggling the most with IoT security, 25 percent reported losses of at least $34 million in the last two years.

Enterprises are rapidly adopting IoT devices: 83 percent of respondents indicated IoT is extremely important to them currently, while 93 percent said they anticipate IoT to be extremely important to their organizations by 2020.

Yet 82 percent of respondents stated they were somewhat to extremely concerned about security challenges. Many enterprises are struggling with the process of securing IoT devices.

Integrating security from the beginning, and all the way through the implementation process, is key to mitigating the rising attacks. Meticulous attention to authentication, encryption, and integrity of IoT devices and systems will help ensure IoT is reliable and secure. Public key infrastructure and digital certificates can serve as key tools in this fight.

Top vs. bottom performers: Security incidents

To give visibility to the specific challenges enterprises are encountering with IoT implementations, respondents were asked about IoT security incidents their organizations experienced within the past two years. The organizations were then divided into three tiers:

  • Top-tier: enterprises that experienced fewer problems with a greater ability to mitigate specific aspects of IoT security
  • Middle-tier: scored in the middle range with their IoT security results
  • Bottom-tier: experienced more problems, and were much more likely to have IoT security missteps

The difference between the top and bottom tier was clear. Every bottom-tier enterprise experienced an IoT-related security incident during that timeframe, compared to only 32 percent of top-tier companies.

The bottom-tier enterprises were also more than six times as likely to have experienced IoT-based Denial of Service attacks and more than six times as likely to have experienced unauthorized access to IoT devices.

Among companies that suffer the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. The top five areas for costs incurred within the past two years were monetary damages, lost productivity, legal/compliance penalties, lost reputation, and stock price.

5 best practices for IoT security

Although the top-tier enterprises experienced some security missteps, almost 80 percent reported no costs associated with those missteps. Top-tier enterprises attributed their security successes to these best practices:

  1. Encrypting sensitive data
  2. Ensuring integrity of data in transit
  3. Scaling security measures
  4. Securing over-the-air updates
  5. Securing software-based encryption key storage

Make no mistake, when IoT devices are deployed, they enter a combat zone. Implementing IoT security best practices, like authentication and identity, encryption and integrity, are the best ways to ensure organizations are protected and secure. This study shows organizations that implement security best practices perform far better against the risks and mitigate losses from attacks on connected devices. That has a direct effect on the bottom line.

[ Why is adaptability the new power skill? Read our new report from HBR Analytic Services: Transformation Masters: The New Rules of CIO Leadership ]

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security.  In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations.

7 New CIO Rules of Road

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Dan Roberts
August 20, 2019

Labeling skills as soft undervalues them. To prioritize skills such as communication, IT leaders must call them what they are in the digital era: Core.

Submitted By Stephanie Overby
August 20, 2019

Keeping calm under pressure can test even the best leaders. Try these four practical techniques to apply your emotional intelligence the next time a coworker or situation hits a nerve.

Submitted By Al Sene
August 20, 2019

Have you updated your management style for the era of remote work? As more developers work remotely, here’s how IT leaders can foster productivity and job satisfaction.


Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.