As 5G’s deployment continues to increase throughout the country and around the world, the number of IoT devices is similarly expected to multiply. These two technologies are intertwined. A recent analysis by Statista showed the number of worldwide IoT devices increased to 8.74 billion in 2020. IoT will play an important role in improving industries such as transportation and logistics, industrial operations, healthcare, public safety and security.
That being said, the growing number of IoT devices is also a double-edged sword. As they increase in numbers and more Things show up on an organization’s network, cybercriminals have a larger attack surface to infiltrate as they attempt to gain broader access to the networks these devices live on. With the proliferation of these devices, some as small or even unknowable as a fishbowl sensor, it’s easy for even the best cybersecurity teams to miscalculate the number of devices on their network, leaving their flank extraordinarily vulnerable to attack.
Luckily, AI and automation are friends of security teams. When utilized properly, these technologies can recognize IoT vulnerabilities and remedy them at extremely efficient speeds to help security teams sleep better at night.
The Fish Bowl Story
There’s a famous IoT security anecdote that illustrates how a seemingly benign device can wreak havoc on an organization. At a casino in North America, there was a fish tank that had sensors connected to the internet in order to regulate the temperature, food and cleanliness of the tank.
Hackers gained access to the casino’s network through the tank and then migrated to more sensitive parts of the network to steal the casino’s data.
This story serves as a perfect example of the increasing attack surface security teams must defend against. It also serves as a warning: cybercriminals are becoming more treacherous and clever in their hacks.
Without investing in resources that can defend against hackers, security teams are fighting a battle that’s already lost.
Unforeseen Challenges & Lack of Resources Spent
The onus of cybersecurity shouldn’t just fall on an organization’s security team. While CISOs have invested billions in securing desktops, servers, and web/cloud properties, they’ve largely ignored securing IoT devices. 30 percent of organizations’ networks are made of Things, and they haven’t spent even a fraction of that billion-dollar investment securing them.
Not any investment will suffice, however. Organizations can try to hire more manpower to bolster their security teams, identify all the devices on their networks and work manually to secure them. But, in the end, the act of manually securing these Things is unfeasible for the majority of security teams.
Let’s say there are 30,000 IoT devices on a network and each one takes four hours per year to secure by hand. That’s 120,000 man-hours per year. For an IT security team of four people, that’s simply unrealistic.
Alexa, on the other hand, is one of the most secure IoT devices in the world. That’s because Amazon has thousands of employees dedicated to these devices. Many organizations do not have those types of resources.
One resource that offers security teams an efficient alternative to tightening a company’s IoT vulnerabilities is artificial intelligence and automation.
The Power of AI and Automation
AI technologies assist a security center’s team in monitoring their network continuously and provide greater visibility into what devices are located on their network. This technology can adapt to previous attacks to provide an analysis of what future attack scenarios might look like.
When deployed properly, this technology can also automatically rotate credentials and patch firmware to remedy vulnerabilities for IoT devices before hackers can even think about infiltrating these Things.
AI and automation offer organizations greater levels of security for their IoT devices without requiring additional manpower.
In the first quarter of 2021, there was three major IoT manufacturer hacks with Verkada, Ubiquiti, and Sierra Wireless. These attacks are only going to increase with frequency as the attack surface further expands and hackers become more creative in exploiting loopholes.
It’s unlikely these Q1 hacks will change behavior overnight, but perhaps they will raise awareness of IoT’s main vulnerabilities. Verkada, in particular, should sound the alarm as people saw a private video that should not have been available to the public in the wake of the hack.
With the attack surface increasing for hackers, the time for improved IoT device security is now. Artificial Intelligence and automation is the tool that can make all the difference in helping understaffed security teams.
