The cybersecurity and health informatics professor is unsure whether organizations have improved the way they defend against cyberattacks.
The Internet of Things is expected to grow into a $1.1 trillion market in 2023. It will be among the few trillion-dollar markets globally, with the number of IoT devices expected to exceed 25 billion in 2030. This enormousness is exciting, but it is also fraught with risks as the evolving cyber threat landscape looms large over the rapidly growing diversity and the number of connected devices with no native cybersecurity protections.
IoT security in 2022 has been relatively a muted concern. Alarms have been rung and cybersecurity experts have not been remiss in reminding industries about the risks of the unregulated use of IoT devices. In 2023, the prospects for IoT security are unlikely to become favorable, especially with the backdrop of uncertain economic developments that tend to force companies to compromise security spending and push cybercriminals to be more aggressive and creative.
However, it’s not going to be all gloom and doom. Here’s a rundown of what the new year is set to bring for the security situation of the internet of things.
Concerted IoT security efforts
Starting off with the positive, it is encouraging that governments are becoming more involved in cybersecurity efforts. In the United States, for example, H.R.1668 – IoT Cybersecurity Improvement Act of 2020 clarifies mandates for the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to get enmeshed in the cybersecurity of IoT devices.
Additionally, there is an ongoing effort to establish a cybersecurity labeling program for IoT products similar to the Energy Star labels used to indicate the energy efficiency of electronic devices. Many industry players have already expressed support for the idea of IoT cybersecurity labeling. Google, for one, expressed keenness to be part of the program, noting that it had already undertaken previous efforts to secure its Next and Pixel devices.
When it comes to cybersecurity solution providers, companies specializing in IoT security have emerged. Israeli startup Sternum, for example, offers patented technology specifically designed to secure and manage IoT and devices, including those used in the medical (IoMT) and industrial (IIoT) fields. Sternum IoT security solutions are a nod to how viable this rapidly growing niche is.
Governments, security solution providers, IoT device makers, as well as IoT users appear willing to become part of efforts to adequately secure the internet of things. This is definitely a welcome development amid reports of threat actors taking advantage of vulnerabilities and security weaknesses among IoT devices.
The growing importance of healthcare IoT security
Healthcare has been one of the most frequently attacked industries over the past few years. It is set to become an even more “attractive” target in the upcoming year with the more widespread deployment of IoT devices. A market research report shows that the global healthcare IoT market will nearly triple by 2026 (compared to its 2021 levels). That’s around three times more attack surfaces, especially for many organizations that are not yet well-versed in IoT security.
Security strategist Richard Staynings, who is associated with the University of Denver, is hesitant to express optimism about the state of healthcare cybersecurity in 2023. “I wish that I had a more positive prediction for 2023, but that would be putting lipstick on a pig,” Staynings laments.
The cybersecurity and health informatics professor is unsure whether organizations have improved the way they defend against cyberattacks. “I think some health systems have prioritized cybersecurity, but I think most have a long way to go. And that comes back to governance, leadership, and the prioritization of cybersecurity. It’s not where it needs to be right now,” Staynings explains.
The need to become proactive in dealing with threats
Most organizations continue to have a reactive approach in addressing cyber threats. Hospitals and other healthcare facilities deploy security controls, but they lack the ability to anticipate attacks and resist zero-day threats. The same is true among IoT device manufacturers. Until now, the go-to cybersecurity strategy for most device makers is security patching, wherein device manufacturers only release security patches or firmware updates to their devices whenever new threats are detected and profiled.
Proactive approaches in addressing unidentified or zero-day threats already exist. These include web application firewalls, which secure web apps through traffic monitoring and filtering instead of the usual perimeter-based protection. There are also extended detection and response (XDR) platforms that are SaaS-based and designed to address security threats by collecting and correlating security data across network points.
IoT product manufacturers can also secure their devices proactively by deploying a product security and observability system on their devices with active threat mitigation capabilities. This may sound like additional cost and effort but is essential for IoT device makers to establish an attractive reputation to stand out in a market flooded by run-of-the-mill products and poor security reputation.
Difficulties in implementing IoT security solutions
A survey of senior IT managers reveals that 93 percent of organizations admit that they have failed with their IoT security projects. There have been efforts to secure IoT devices, but too few are finding success. Also, most organizations are aware of the need to improve their security posture in view of the internet of things, but they are having difficulties achieving their goals.
These failures are attributed to a number of reasons. Among the major causes are the cost of the security technology and the time it takes to implement it. Many organizations still hesitate to invest in security solutions and focus on conventional security spending or the bare necessities, as they rationalize their IT spending. These reasons are likely to remain in 2023, as organizations grapple with tumultuous economic conditions.
Nevertheless, there are studies that project significantly higher spending for IoT security in 2023. One from Reportlinker shows a relatively high CAGR of 31.7 percent. This signals an acknowledgment of the seriousness of IoT threats and the need to allocate resources accordingly. It would be too optimistic to expect this IoT security spending growth to materialize next year, though, given the state of the global economy.
A mixed bag, cautious optimism
Again, it would be inaccurate to predict 2023 as an imminent disaster for IoT security. Even with the relentlessly evolving attacks from threat actors and the negligence and compromises organizations commit when it comes to IoT security, there are still reasons to be optimistic. There are palpable government and industry efforts aimed at countering the growing threats of increasing IoT use.
Also, even though a significant shift towards proactive IoT security may not be attained in 2023, organizations are showing hints that they are aware of the seriousness of IoT threats. There are also surveys that indicate some degree of willingness to allot more resources to strengthen IoT security.
The silver lining in all of these is that the knowledge and insights about IoT risks have already been established. Also, effective and efficient IoT security tools and strategies are already available. It’s up to organizations to make the most of what they know and what their resources can afford to get.
Press Release Distributed by The Express Wire
To view the original version on The Express Wire visit What You Need to Know About IoT Security in 2023