IoT Security: Lack of best practices will cost you

Five IoT security best practices help organizations ward off security missteps and mitigate costs when they do occur
426 readers like this.

As the saying goes, "the only unfair fight is the one you lose.” When companies deploy  Internet of Things devices, whether they know it or not, they enter a war with attackers. Without a proper plan, the right technologies, and flawless execution, they will eventually fall victim to an attack. As with any battle, winning requires planning, having experts within their field, securing assets, and executing with precision.

The 2018 State of IoT Security report, conducted in September 2018 by ReRez Research and commissioned by DigiCert, Inc., queried 700 enterprise organizations in the US, UK, Germany, France, and Japan from across critical infrastructure industries. The findings: The fight is on, and enterprises are incurring significant economic losses from the lack of implementing best practices as they deploy IoT. Among companies surveyed that are struggling the most with IoT security, 25 percent reported losses of at least $34 million in the last two years.

Enterprises are rapidly adopting IoT devices: 83 percent of respondents indicated IoT is extremely important to them currently, while 93 percent said they anticipate IoT to be extremely important to their organizations by 2020.

Yet 82 percent of respondents stated they were somewhat to extremely concerned about security challenges. Many enterprises are struggling with the process of securing IoT devices.

Integrating security from the beginning, and all the way through the implementation process, is key to mitigating the rising attacks. Meticulous attention to authentication, encryption, and integrity of IoT devices and systems will help ensure IoT is reliable and secure. Public key infrastructure and digital certificates can serve as key tools in this fight.

Top vs. bottom performers: Security incidents

To give visibility to the specific challenges enterprises are encountering with IoT implementations, respondents were asked about IoT security incidents their organizations experienced within the past two years. The organizations were then divided into three tiers:

  • Top-tier: enterprises that experienced fewer problems with a greater ability to mitigate specific aspects of IoT security
  • Middle-tier: scored in the middle range with their IoT security results
  • Bottom-tier: experienced more problems, and were much more likely to have IoT security missteps

The difference between the top and bottom tier was clear. Every bottom-tier enterprise experienced an IoT-related security incident during that timeframe, compared to only 32 percent of top-tier companies.

The bottom-tier enterprises were also more than six times as likely to have experienced IoT-based Denial of Service attacks and more than six times as likely to have experienced unauthorized access to IoT devices.

Among companies that suffer the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. The top five areas for costs incurred within the past two years were monetary damages, lost productivity, legal/compliance penalties, lost reputation, and stock price.

5 best practices for IoT security

Although the top-tier enterprises experienced some security missteps, almost 80 percent reported no costs associated with those missteps. Top-tier enterprises attributed their security successes to these best practices:

  1. Encrypting sensitive data
  2. Ensuring integrity of data in transit
  3. Scaling security measures
  4. Securing over-the-air updates
  5. Securing software-based encryption key storage

Make no mistake, when IoT devices are deployed, they enter a combat zone. Implementing IoT security best practices, like authentication and identity, encryption and integrity, are the best ways to ensure organizations are protected and secure. This study shows organizations that implement security best practices perform far better against the risks and mitigate losses from attacks on connected devices. That has a direct effect on the bottom line.

[ Why is adaptability the new power skill? Read our new report from HBR Analytic Services: Transformation Masters: The New Rules of CIO Leadership ]

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security.  In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations