Insecure IoT implementation causes losses for companies
- Feb 25, 2019
A lack of good practices when companies implement the Internet of Things (IoT) can lead to significant losses, according to a study led by DigiCert in partnership with ReRez Research. The survey covered 700 companies from the US, UK, Germany, France and Japan. Twenty-five percent reported that losses due to security vulnerabilities amount to close to $34 million since 2016.
Among the companies participating in the study, 83% believe that IoT is extremely important today, and 92% believe that the technology will be important within companies over a two-year period. When it comes to security and privacy, 82% of respondents said they are extremely concerned about issues such as system integration and the growing amount of data. "Enterprises fully understand the reality that the Internet of Things is there and will continue to revolutionize the way we live, work and recreate," said Mike Nelson, vice president of Security for IoT at DigiCert.
The companies the study characterized as most likely to face IoT security problems reported the following risks:
- More than six times as likely to have suffered IoT-based denial-of-service attacks;
- More than six times as likely to have experienced unauthorized access to IoT devices;
- Almost six times as likely to have had IoT-based data breaches; and
- 4.5 times as likely to have had IoT-based malware or ransomware.
One in four of these companies also reported losses in excess of US $34 million in the last two years. The following areas accounted for most of the losses caused by IoT security breaches:
- Loss of productivity;
- Legal and compliance penalties;
- Loss of reputation; and
- Stock price.
Among the companies classified as less likely to face IoT security problems, about 80% reported no financial impact. The practices associated with these organizations' security success were as follows:
- Encryption of confidential data;
- Ensuring the integrity of data in transit;
- Scaling of security measures;
- Protection of OTA (over-the-air) updates; and
- Protection of software-based key storage.
"When it comes to accelerating IoT deployments, it's critical that companies strive to balance revenue efficiencies and maintain security and privacy," says Nelson. "The study shows that companies adopting the best security practices are less exposed to the risks and damage of attacks on connected devices. Meanwhile, these best IoT security practices, such as authentication and identity, encryption and integrity, are on the rise and companies are beginning to realize what's at stake."
According to the survey, there are five different habits that can improve how well companies secure their IoT implementations:
- Review the risk: Use penetration testing to get a realistic picture of the risks the connected devices are exposed to. After the risk assessment, develop a prioritized list to address the security concerns found, such as authentication and encryption.
- Encryption: Always make sure that all data kept by the company is encrypted at rest and in transit. End-to-end encryption must be a product requirement, so that this security feature is implemented in all IoT projects.
- Authentication: To ensure that authentication schemes allow only trusted connections to the IoT device, review all connections established on your device. Digital certificates can help provide continuous authentication, with identities tied to cryptographic protocols.
- Data Integrity: The basics of device and data integrity should include secure boot every time the device starts. Protection of OTA updates and the use of code signing should also be considered, ensuring the integrity of any code running on the device.
- Scaling Strategy: It is important to have a scalable security framework and architecture to support IoT implementations.