Andrew Parkin-White explores the issues surrounding IoT security and how the Covid-19 virus will affect its development. This article is based on an original published by the Mobile Ecosystem Forum.
IoT security has become an ever-increasing key to growing the overall IoT ecosystem. It is very apparent that enterprises are facing a series of ongoing challenges with IoT security; and because COVID-19 has caused such huge changes to social structures and business practices, there is a clear and immediate impact on how enterprises manage IoT security in the new environment.
The question is therefore, will IoT security become more of an issue as enterprises potentially become more vulnerable?
Before the virus hit, research by Microsoft research revealed that 97% of enterprises cited security as one of their key concerns. And a survey by the GSMA identified security as one of the top three challenges for mobile operators to overcome.
The cybersecurity industry is facing a very new challenge of being confronted by a pandemic that is driving new cyber threats, and the importance of IoT security is growing as we begin to understand the potential impact of Covid-19 prompted threats on IoT applications. Given the backdrop of the true scale of security breaches not being evident, with a reluctance for enterprises to report them, it is clear that IoT application development has to be founded on the inclusion of IoT security as a core component.
Cybercriminals know this and are able to exploit new vulnerabilities in the security of medical facilities, homes, offices and manufacturing. We are seeing that the frequency of attacks is increasing and enterprises needing to increase their vigilance.
As previously disconnected environments are connecting, driven by digital transformation and operational demands, an enterprise may not have a deep understanding of the breadth of IoT security requirements. Existing IT teams may come from a background where they fail to grasp the extent of security requirements in connecting things outside the boundaries of traditional corporate networks. IoT security clearly raises some very real concerns at a time when the focus of the enterprise IT teams are on maintaining critical services, and this may well push IoT security onto a backburner.
The dramatic increase in home working in particular is placing pressures on existing security with a less secure environment through broader access from the home to enterprise infrastructure. COVID-19 is also prompting governments to rethink physical security with a surveillance infrastructure to enforce coronavirus quarantines, with a consequent impact on secure links to IoT devices.
There are also specific vertical market IoT security concerns. Major safety concerns could result if a vehicle or medical device is hacked. With increased IoT spending in urgent healthcare during the pandemic, these systems may lack the latest security updates and patches and become vulnerable to hacks and ransomware attacks. Critical infrastructure may also be the subject of attacks particularly in light of reduced workforces leading organisations to look at increased automation.
Perhaps one of the most important points to note is that the changes to the way that businesses and employees work are not likely to be transient. They are permanent.
IoT security and should be at the forefront of the CIO agenda as the impact of COVID-19 progresses and we may well be at the point where organisations need a fundamental rethink with reduced workforces, new working practices and increased threats. On a positive note, more forward-thinking organisations are seeing the new status quo as a catalyst to embrace digital transformation with IoT playing a key role. Naturally, IoT security needs to be firmly in the spotlight to support enterprises through the challenges of the pandemic and beyond, as a key enabler for future initiatives.