Securing the Surge of IoT Endpoints

By Phil Rossi -

The newest wave in the global technical tide is the Internet of Things (IoT), an emerging population of digital devices that build on smartphone capacities while eliminating the need for hands-on human control. Programmed to interact with other devices, these tools automate mundane tasks, leaving their humans to focus on more important goals. As more IoT devices roll out, maintaining security at each separate device becomes an increasingly difficult challenge.

Extreme Global Growth Year-Over-Year

According to Gartner:

  • The number of IoT endpoints grew over 30 percent from 2016, reaching as many as 8.4 billion devices in use around the world in 2017.
  • The agency also predicts that that number will almost triple to over 20 billion before 2020.
  • Applications in consumer goods are second only to the auto industry for numbers of IoT instances, with “educated” endpoints dropping in price and gaining in popularity.

The challenge? Most IoT devices come with little or no built-in security capacities, so each of these billions of endpoints generates a vulnerability for hackers to enter otherwise secure enterprise operations.

Challenges Growing, Too

Three regions account for usage of two-thirds of the IoT device volume, North America, Western Europe and China, with China being particularly troubling. Recent events revealed the possibly intentional inclusion by a Chinese manufacturer of a hidden “backdoor” into its IoT devices. The vulnerability enables continuing access by the producer to the device and may also keep the door open for other potential intrusions and exploitations. When contacted by the researchers who discovered the gap, the vendor elected to simply hide the backdoor deeper within the programming, then stopped responding to inquiries altogether. One industry expert noted, “Unfortunately, this is not an isolated incident… These backdoors are often… the guise of ‘remote administration’ but are occasionally used for more nefarious purposes.”

Complicating the challenge is the growing acceptance of the “Bring Your Own Device” (BYOD) trend, where workers access their personal devices for corporate purposes. While both convenient and economical (employers don’t have to shell out the cost for each piece of technology), each individual endpoint represents another vulnerability to the corporate computing environment. Additionally, putting corporate controls over personal devices adds two extra wrinkles to the problem:

  1. It may prevent workers from achieving their best by reducing access to their preferred technical tools
  2. Trusting device security to individual employees means corporate security is only as good as its least secure worker.

Ergo, companies that anticipate engaging with either or both the BYOD and IoT opportunities need to establish a system that secures any and all such endpoints that may come into contact with their enterprise environment.

Conclusion

An appropriate security strategy will encompass all aspects of the digital environment. At the very least, companies should evaluate their existing risk profile to determine not if, but where, their current vulnerabilities lie, and also clarify the extent of existing security measures already in place.┬áThe IoT is raising the volume of risks across all enterprise computing environments and corporations serious about security should consider investing in comprehensive security procedures and software to avoid becoming the next “horrible warning” of the global marketplace.