Companies are looking at ways to expand the IoT network, turning IoT devices into nodes of connectivity that users have the option of connecting to expand the network. Whether consumers will embrace this remains to be seen.
Shadow IT – the practice where individuals or departments in a company buy, install and run hardware or software outside of the IT department’s knowledge or control – is a problem for many companies. Now, says ZK Research, shadow IoT – which involves using unauthorised IoT devices on an organisation’s network – is a growing problem. The research shows 61 per cent of IT teams have no or low confidence in knowing which devices are connected to their network.
IoT devices are double trouble, according to Nokia. In 2020, IoT devices represent 32.7 per cent of infected devices on mobile networks. That is more than double the 16.2 per cent share they represented in 2019.
It may seem obvious that IoT devices should be segregated from your core network, given reports of the security risks they represent. But a more granular approach is probably better, says Sean Tufts, practice director of ICS and IOT security at Optiv Inc. The criticality of the device and its importance in your operation should determine your approach. That allows you to get the best – and most secure – return for your efforts.
The Australian government hopes to make the IoT more secure. It issued a voluntary code of practice to help industry in the country design secure IoT devices. Called ‘Code of Practice: Securing the Internet of Things for Consumers’, the code encourages manufacturers to make devices that comply with Australia’s privacy laws, build strong passwords into devices and use two-factor authentication.
The European Commission has launched an inquiry into consumer products and services linked to the Internet of Things. The EU wants to determine if there is a concentration of power in the sector that is hampering competition, and is currently surveying companies throughout the region in advance of a preliminary report in 2021.
By 2025, there will be 41.6 billion IoT devices globally. Users of this tech can have a hard time knowing how secure their IoT choices are. In response, the US government has passed the IoT Cybersecurity Improvement Act of 2020. The act applies to any companies that sell IoT products to the US federal government and sets standards for disclosure of weaknesses, increasing transparency. This is seen as the first step to developing better device security, and the benefits are expected to spread to consumer devices.
The National Cyber Security Alliance (NCSA) has released a survey of users’ IT security habits that shows some notable differences in the way younger (18–34 years old) and older (50–75 years old) users deal with security. For example, older respondents feel less confident than average in the security of the connected devices in their home, while nearly half of the younger set are very confident. And 42 per cent of older respondents say they never use public Wi-Fi.
Security firm Bitdefender says it identified more than 9,000 devices – mostly running Android – that had been co-opted into Interplanetary Storm, a botnet used to create a for-profit proxy service, probably for anonymous Internet use. The malware propagates by attacking Unix-based systems (Linux, Android and Darwin) that run Internet-facing SSH servers with weak credentials or unsecured ADB servers.
Telecommunications company Vodaphone found 84 per cent of companies surveyed said that IoT made business continuity easier during the disruptions of the COVID-19 pandemic. The benefits of IoT are not just in the short term, though. Seventy-three per cent of mature adopters said IoT has delivered a significant return on investment.
Follow us on Twitter – @ColContent