Archon Secure Blog

Has the IoT Explosion Made it Impossible to Stay Secure?

Written by Archon Secure Team | Apr 5, 2022 1:00:00 PM

Today, there are an estimated 23.14 billion connected devices online.

By 2025, that number is expected to expand to 75.44 billon. According to PwC, $6T will be spent on IoT solutions between 2015 and 2020.

Every industry enjoys the operational advantages of the Internet of Things (IoT), but the security danger is not even close to being fully appreciated.

 

Anything can be monitored via the IoT, and each connection is a potential security threat.

 

For example, cyberattacks on industrial control systems (ICS) increased 110 percent in 2016, and the number of attacks is predicted to grow as more systems connect to the IoT.

 

In a world where cybersecurity is clearly a priority, the IoT risk security ratio is astonishingly high.

 

Built insecure

To work in an efficient and inexpensive manner, IoT sensors are by nature low-end, and most lack the computing power to support encryption.

 

Manufacturers simply haven’t considered this a priority, a reality that leaves a gaping hole in operational security.

 

🔎 Related Article: IoT Security Issues: Legacy Hardware and Software.

 

Cybercriminals always seek easy entry, and the IoT path of least resistance may lead to the sabotage of devices and operational technology (OT) systems that control critical equipment and infrastructure.

 

The results could be disastrous, from major systems failures to entire power grids being brought down.

 

Widespread IoT risk

Any enterprise that uses IoT devices probably has them linked to their internal network. This creates one of the weakest - and most overlooked - areas of security for any organization.

 

Breaking into a company through somebody’s laptop is very difficult since security is already embedded or layered in. However, sensors and cameras at the fringes have no encryption at all. It’s like having a huge padlock on the front door while leaving the back door wide open. Hackers know this and increasingly focus their attacks there.

 

For example, in the oil and gas industry, online sensors monitor pressure along entire pipelines. Serious danger exists not only in terms of data exposure, but to human physical safety as well.

 

Any IP connected device can be breached, including sensors, cameras, microphones, baby monitors, automation projects, automobiles -- and the list goes on.

 

Wearable and healthcare IoT device risk

Wearable devices, such as FitBit bands or Apple watches, are not necessarily a security risk until they are connected to a network, for instance to a corporate phone via Bluetooth.

 

However, wearables that monitor personnel movement or patients within a hospital are a growing security concern.

 

Given the expansion of wireless monitors and devices dedicated to patient care, the security risk in this sector has grown larger than ever.

 

🔎 Related Article: IoT Security: Hardware or Software?.

 

Mobile firewalls - a solution for today

The lack of security built into most IoT devices makes them one of the largest vulnerabilities facing the enterprise.

 

One solution is a mobile firewall which protects data transmission whether for enterprise collection or personal data. Mobile firewalls help secure data originating from the IoT device, which is then sent to a collection point.

 

Tools like Archons’ GoSilent Cube encapsulate information and traffic within a secure IPsec tunnel and secure the data transmission. It acts as a stateful firewall which means only traffic that has been sent out is allowed back in. Any attack on the device is denied by GoSilent. The end result is that the collective corporate firewall gets sent out to devices on the edge.