Securing IoT assets

11 May 2022

Craig Price, SVP mobility products and marketing at Console Connect by PCCW Global

Craig Price, SVP mobility products and marketing at Console Connect by PCCW Global

Already, 2022 is the year of Internet of Things (IoT). The widespread adoption of these devices shows no signs of slowing down. In fact, as revealed by IDC, IoT spend in Europe hit US$202bn in 2021 and will continue to grow in double-digits throughout the next four years.

The development and speed of adoption of IoT technology will also have an immense impact on businesses that are looking to improve cost efficiency and productivity. We’ve seen significant investments in IoT-related developments from the hyperscalers, such as Amazon’s updates to long-distance wireless protocol and IoT RoboRunner. Strategic moves from big players sends a clear signal that the market will expand even further this year.

Inevitably, with greater reliability on IoT in the enterprise, the amount of collected data will also increase. But how can businesses ensure data safety and protect their network of connected devices?

Who takes responsibility?
With more devices added to the IoT ecosystem, there is greater exposure to a variety of threats. As the devices aren’t patched regularly and come with default passwords that aren’t often changed, threat actors can easily access these devices and use them as a backdoor into a network, and infect them with malware to create a botnet for the purpose of a DDoS attack. It doesn’t come as a surprise that there is a growing pressure on IoT security, as governments and watchdog organisations continue to push new regulations. Much of this pressure is likely to fall on supply chain and device producers.

For instance, the UK’s recent bill will require manufacturers and distributors to comply with new security requirements – for instance ensuring that consumer connectable products are more secure against cyber-attacks, protecting individual privacy and security. Although these legislations point in a positive direction, the change won’t happen overnight. Enterprises can’t simply sit and wait for more secure devices to enter the market.

Meanwhile, the massive volumes of data businesses produce and store via IoT can only be processed in the cloud. Therefore, securing sensitive information needs to be every enterprise’s priority. With increasingly complex IT environments, end-to-end device connectivity will also pose more challenges, often involving a combination of local and international connections, public internet, mobile and Wi-Fi networks, and private and public clouds.

Risks of unsecure IoT
Unsecured IoT devices have been used as attack vectors for some of the largest DDoS attacks over the last few years, which shows that customers must be wary of not only having their network penetrated, but also being used as an attack surface.

IoT networks are an extension of an organisation’s network and typically need more security since IoT devices can physically be located anywhere. Compromised networks are costly, whether it be harm to reputation or worse. Attacks are becoming more sophisticated, to take advantage of how vast and physically dispersed IoT networks can be – security threats include IoT botnets and ransomware.

Furthermore, IoT system’s attack surface can be significant with endless connections to data centres and clouds. To protect such an interconnected web, businesses need solutions that are scalable and grow along with an organisation’s network.

Many IoT devices break into the internet using old security protocols. In an ideal world, the safest way to protect your IoT device is to get it off the internet. By doing so, this removes the ability to attack the IoT network from a random internet location. In fact, IoT devices can be connected directly to the cloud and back again, without going through any internet.

Companies can securely connect and transfer IoT data from device to designated data clouds or data centres over a private interconnection. By using a global connectivity platform that enables secure and flexible connection between assets, companies are empowered to activate (or deactivate) devices in real-time, have control over service configuration and traffic monitoring and gain better visibility over the IoT network.

It’s likely that we’ll see more and more IoT-driven enterprises in the near future. With complex ecosystems of devices and ever-increasing amounts of data generated, companies need solutions that will not only protect customers but also organisations themselves. By removing the IoT network from the internet, IoT security is greatly improved. Let’s make 2022 the safest year of IoT.