The IoT Security Challenge for Enterprises

While enterprises are preoccupied with the security risks of IoT devices, according to data, they continue to shortcut means to securing their IoT environments.

Written by Churck Martin
19th April 2021

As the proliferation of Internet of Things (IoT) devices throughout the enterprise continues, security issues won’t go away.

On the positive side, tech professionals are quite aware, especially as they witness the skyrocketing growth in the number of connected devices throughout their organizations.

By 2025, Statista estimates the total installed base of connected IoT devices globally will reach just more than 30 billion units, up from about 13 billion units this year, while IDC estimates there will be more than 55 billion connected IoT devices by that time.

No matter the range of estimates, the number of IoT devices projected is massive.

Security is hardly a new issue in technology, but it’s becoming a more important one.

A recent study found that 99% of security professionals are finding challenges with the security of their IoT and IIoT devices.

Discovering and remediating vulnerabilities was the top challenge, cited by 66% of those in the Tripwire survey of 312 security professionals responsible for the security of IoT devices at their company conducted, an enterprise security and compliance company.

Other challenges were tracking inventory of IoT devices on the network, validating compliance with security policies, establishing secure configurations, detecting changes on the devices and gathering forensic data after an incident.

Ninety-five percent of security professionals are concerned about the security risks associated with their connected devices, with nearly half of those being “very concerned.”

The tough part is that IoT devices are not necessarily a neat fit into existing security approaches. Exactly half of the organizations follow National Institute of Standards and Technology (NIST) security standards for device manufacturers.

A Verizon study by of public-sector organizations also identified the security risk-awareness factor of IoT devices.

That study, comprising a survey of 856 professionals responsible for buying, securing and monitoring IoT and mobile devices for their organization, found that half of IoT professionals say IoT devices pose a high or significant risk to their organization.

More than a third of public-sector organizations have 1,000 or more IoT devices in use and seven percent have 10,000 or more, according to the Verizon Mobile Security Index.

Mobile technology and IoT devices are used by local, state and federal government agencies to help improve service delivery with smart IoT devices transforming public services and enabling smart city infrastructure.

But here’s the big catch: 67% of them say they have sacrificed security to “get the job done.”

Reasons for cutting corners were responding to COVID-19, needing to meet profit targets and expediency or time pressure.

More than a quarter say their organization had already suffered a compromise involving an IoT device.

If an organization finds its IoT security seriously compromised at some point, it may not be due to the actual technology.

The pressures of cutting corners or not doing IoT device security end-to-end in all cases could be due to pressures of the business.

The message from top management of an organization has to be that for IoT device security, shortcuts are not allowed.

If there is a significant IoT device security issue somewhere down the road, the post-crisis analysis should include the root business causes and why, or who, drove the cutting of corners.