Citing a report by industry analyst Telsyte, Palo Alto Networks says this “wholehearted embracing” of IoT by businesses and consumers alike will bring enormous benefits, opening up opportunities to increase safety, productivity, and convenience.
Palo Alto Networks also cites recent PwC research showing that IoT could achieve potential benefits of more than US$300 billion per year over a period of eight to 18 years - but cautions that these devices can also create a significant security risk if not managed properly.
“While consumer-facing risks are real, there are also more insidious risks that are often not considered in the IoT discussion,” says Palo Alto.
“If IT devices controlling public utilities such as energy and water are compromised, the risks to public safety can be enormous through contaminated water or interruption to the electricity supply. If businesses’ IoT sensors are compromised, the results can include massive compliance and legal issues, not to mention financial and brand implications.”
Sean Duca, vice president and regional chief security officer, Asia Pacific and Japan, Palo Alto Networks, said, “Organisations are increasingly relying on IoT devices to improve productivity and safety, and the results are overwhelmingly positive.
“However, it’s essential for these businesses to avoid becoming complacent when it comes to securing IoT devices. Just one unsecured device can create a gateway into the organisation’s network and cybercriminals can then have free rein to sabotage operations, steal information, create havoc, and damage organisations irrecoverably.
“Securing IoT devices doesn’t have to be overly complex or costly. It’s simply a matter of including the IoT devices in an organisation’s overall security posture, which should already include the ability to detect IoT devices on their network, the risks associated with them and segmenting access and communication to them.
“Users should never leave IoT devices with the factory-installed username and password; they should always assign new and unique usernames and passwords to new devices.”
Duca also said that “it’s also important to be realistic about what things should be connected”.
“Some IoT devices are simply gimmicks that don’t offer the same tangible benefits as others. If a device doesn’t need to be connected, businesses should avoid connecting it,” he said.
“IoT devices should be treated like any other endpoint device and secured accordingly. Network segmentation, zero-trust approaches, strong passwords and, where possible, multifactor authentication, and preventing users from connecting personal IoT devices to corporate networks are all important IoT security hygiene.”