
Internet of Things and Cybersecurity – Challenges and Solutions


According to Juniper Research, the total number of IoT connections will touch 83 billion by 2024, doubling the count from 2021. Everyday objects that connect to the Internet, such as a thermostat, air quality sensor or wearable health monitor, constitute the Internet of Things.

More and more “things” and systems in our lives are being embedded with computing power and network connectivity so they can communicate with other connected devices and systems, opening up a wide range of use cases in everyday life as well as in business settings.

Expanding network connectivity to all corners of our lives is helping us become more efficient, quick and capable in carrying out critical tasks.

Over the years, industries such as healthcare, retail, manufacturing and more have applied the IoT to gain a competitive advantage and yield better services and products.


However, benefits aside, the IoT also opens up individuals and businesses alike to a newer world of threats that is more intricate and exposed.

Internet of Things or Internet of Threats

According to Kaspersky, IoT cyberattacks more than doubled YoY during the first half of 2021, with 1.51 billion breaches of IoT devices. The pandemic exacerbated an already nascent area of exposure, IoT devices, as their use in household settings was prolonged.

While new technologies such as edge computing, IoT and artificial intelligence present opportunities, they also open up users and organizations to a complicated security landscape.

One factor that increases risks with IoT is the people factor. The IoT doesn’t rely on people or manual intervention. The very characteristic that gives the IoT its edge – creating value through sensors and devices that collect, communicate, analyze and decide – also creates new avenues for the information to be compromised.

Not only has the volume of data spiked, but the data is also shared among more entities, including devices and humans, and is more sensitive. As a result, the risks are exponentially higher.

In the case of the IoT, features sometimes become a bug. For instance, if a homeowner has an automatic garage door opener that also automatically deactivates the home alarm, the entire alarm system can be deactivated by simply compromising the garage door opener.
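The garage-door case generalizes to any automation rule that lets a weaker device drive a sensitive action on a stronger one. As an added example (not from the original article), this Python check audits a constructed rule set for such paths; the device names, assurance levels and the assumption that a triggered device fires its own rules are all illustrative.

```python
from collections import deque

# Constructed inventory: device -> assurance level (higher = harder to compromise).
ASSURANCE = {"garage_opener": 1, "smart_plug": 1, "hub": 2,
             "alarm_panel": 3, "door_lock": 3}

# Constructed automation rules: (trigger device, target device, action on target).
RULES = [
    ("garage_opener", "alarm_panel", "disarm"),
    ("smart_plug", "hub", "run_scene"),
    ("hub", "door_lock", "unlock"),
    ("alarm_panel", "door_lock", "lock"),
]

# Actions that weaken physical security when triggered.
SENSITIVE = {"disarm", "unlock"}


def risky_paths(assurance, rules, sensitive):
    """Find rule chains where a weaker device reaches a sensitive action
    on a stronger device. Assumes (conservatively) that any device that
    gets triggered will in turn fire its own outgoing rules."""
    out_edges = {}
    for trigger, target, action in rules:
        out_edges.setdefault(trigger, []).append((target, action))

    findings = []
    for start in sorted(assurance):
        seen = {start}
        queue = deque([(start, [start])])
        while queue:  # breadth-first walk over the automation graph
            node, path = queue.popleft()
            for target, action in out_edges.get(node, []):
                if action in sensitive and assurance[start] < assurance[target]:
                    findings.append((start, target, action, path + [target]))
                if target not in seen:
                    seen.add(target)
                    queue.append((target, path + [target]))
    return findings


if __name__ == "__main__":
    for start, target, action, path in risky_paths(ASSURANCE, RULES, SENSITIVE):
        print(f"{start} can {action} {target} via {' -> '.join(path)}")
```

Each finding is a rule to remove or to gate behind a second factor, such as requiring the alarm panel's own authentication before it disarms.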

Consider another real-life example featured in CISO Magazine pertaining to poor security in smart TVs. In the manufacturing of smart TVs, security is an afterthought, which exposes these devices to various security vulnerabilities. Hackers could potentially control unsecured TVs to change channels and volume and stalk your everyday movement and conversations using the integrated microphone and camera.

Imagine the scale of complexity when we extend the same knowledge to manufacturing industries that employ IoT technology extensively. The most vulnerable IoT devices include laptops, computers, tablets and smartphones, storage devices, cameras and streaming video devices.

Here are the most common threats to IoT applications and devices, according to the United States Government Accountability Office:

  • Denial of Service
  • Malware
  • Passive Wiretapping
  • Structured Query Language Injection
  • Wardriving
  • Zero-day exploits

It’s hard to deploy software and services like antivirus and firewalls on IoT devices, which typically possess minimal processing and storage capabilities. Further, edge computing aggregates local data, which makes it a worthwhile target for attackers.

Common Industries Grappling with IoT Cybersecurity

Here are a few common verticals deploying IoT devices, technologies and services that struggle with security challenges.

Healthcare and Life Sciences

The Internet of Things has convinced healthcare institutions to enable remote patient care, diagnostics and monitoring, besides equipment monitoring, food sensors and bio wearables.

Healthcare IoT vulnerabilities can lead to more significant harm than vulnerabilities in consumer devices, as professionals and patients rely on these devices to make care decisions and administer treatment.

Smart Homes

A smart home enables unbelievable remote access to parts of the home. Parents can remotely communicate with their children, monitor their space, be reminded when they are low on groceries, and much more.

However, each easy access also opens up users to an array of vulnerabilities. For instance, a hacker can remotely control who gets access in and out of the house if a smart lock gets compromised. A hacked smart speaker can allow malicious attackers to give commands of their own.

Supply Chains

The IoT aggravates supply chains’ vulnerabilities. IoT exponentially increases the mesh of devices. As numerous endpoints integrate, the exposed surface expands, posing a significant risk to the organization.

Organizations typically employ the IoT in supply chains for higher operational efficiency and better product demand forecasting.


Industries and Manufacturing

While the IoT promises Industry 4.0 to manufacturers and industries, there is a high cost of connecting data, workers and equipment. Many manufacturing businesses are witnessing an uptick in cyber-related incidents associated with control systems that manage industrial operations.

So, while connectivity introduces advantages such as improved productivity, quicker identification and remediation of quality defects and smoother collaborations across functional departments, it also highlights the appalling gap in cyber capabilities needed to secure business-critical systems. 

Cyber Risk Management with Innovation: A Balancing Act

Cyber risks and innovation are inextricably connected. More and varied data creates more potential for value. This is the selling point of the IoT, which is propelling companies to invest significantly in customer analytics and collaborations with other organizations to find new value streams for customers to monetize.

These avenues leverage all kinds of data: device and systems data, employee rosters, inventory records, facial recognition data, industrial control systems data, facilities access data and more.

Data governance has fallen behind as organizations venture into uncharted territory. If companies tighten control over governance too much, they may fall behind on innovation. And if they overlook governance, they might stare into gaping vulnerabilities. 

This is a sheer balancing act that organizations must engage in, striving to create a baseline of regular data activity and quickly flagging anomalies for further consideration.

The IoT Cybersecurity Improvement Act 2020 

IoT technology relies on a shared ecosystem and operating model across public and private sectors. Yet, there are few to no laws governing IoT security. The IoT Cybersecurity Improvement Act of 2020 was signed into law in December that year.

The act requires government agencies to ensure the security of their IoT devices. Several states, including Oregon and California, have passed cybersecurity laws. However, the IoT Cybersecurity Improvement Act widely impacts how IoT devices are manufactured across the board.

Manufacturers need to be aware of the guidelines introduced by regulatory agencies to avoid penalties and fines.

While standards are a part of the solution, they are off by years as the IoT continues to soar. Much of the promise of the IoT lies in its ability to aggregate diverse data. Without common governance standards for the functioning of IoT devices, interoperability seems a far-off fantasy.

Retrofitting Promises and Potential Risks

Some companies are implementing IoT applications on top of existing legacy systems, which were previously unconnected and standalone. Retrofitting can look like the more viable option considering the cost of implementing new technologies that become obsolete rapidly.

Retrofitting can also introduce newer cybersecurity risks with the many points of communication IoT introduces. In other cases, purpose-built devices and add-ons for the IoT ecosystem may become preferable.

However, being aware of the risks arising from retrofitting, assessing and mitigating them can be crucial in risk management.

An Integrated Risk Philosophy

As organizations grow, their approach to cyber risk management becomes fragmented across locations, products and business units. For some, this has worked well as parts of their business needed higher safeguarding and threat management.

However, the IoT forces businesses to reassess this decentralized approach and opt into the idea of an integrated risk philosophy. As if safeguarding the IoT landscape weren’t complicated enough by the volume and velocity of data, it doesn’t help that some of it is held and accessed by partners and third parties.

Consequently, business and security leaders’ only choice may be to install an umbrella risk management paradigm that governs cyber risks at every organizational level, from preventing threats to responding to them.

AI in Response to IoT Cybersecurity Worries

Leaders must implement an end-to-end security approach to safeguard against potential cybersecurity challenges with IoT devices and applications. They must rely on AI and ML-based technologies to identify existing vulnerabilities and improve alert efficiency in real-time.

  • Determine whether you have in-house AI development capability or you’d work with an AI vendor.
  • Choose an AI vendor wisely. Look at their past development records. Assess them for their experience working with companies like yours.
  • Not all automated cybersecurity solutions are built the same. Make sure the one you get is proactive in monitoring your devices and flagging unusual activity.
  • Continually evaluate your third-party AI vendor and solution to understand your IoT cybersecurity posture.

Actionable Solutions to IoT Cybersecurity

IoT security warrants work on four layers:

  • Device – Underlying hardware security is a critical aspect of IoT security. ODMs and OEMs are increasingly integrating security features in their hardware to enhance security. Security at the device level includes device authentication and identity, physical security, chip security and secure boot.
  • Communication –  The communication layer includes the connectivity networks that securely transmit and receive data. Communication security components include access control, firewall, IDS, IPS and end-to-end encryption.
  • Cloud – The cloud layer includes the software part of the IoT solution, which ingests, analyzes and interprets data to generate actionable insights. Security in the cloud layer looks like platform and application integrity verification.
  • Lifecycle management – This is an overarching layer that includes processes to maintain IoT security. Security components at this layer include risk assessment, activity monitoring, patches and updates, auditing and policies, vendor control and user awareness assessments.

According to Forbes, here are a few ways for the C-suite at both big and small organizations to safeguard against IoT security threats:

  • Leverage an established IoT cybersecurity framework that incorporates industry experience and best practices, such as those by NIST.
  • Conduct a vulnerability assessment of all connected devices, including those on-premises and remote.
  • Compartmentalize IoT devices as a containment measure to limit the impact of a cyberattack. One way to do so is by using loosely coupled IoT systems.
  • Digitally fence networks and devices through containers, devices and software.
  • Regularly patch vulnerabilities in, and update, both networks and devices.
  • Consider managed security and cloud security as a service.
  • Use strong firewalls, secure WiFi and routers.
  • Establish privileged access for devices and applications.
  • Use strong authentication mechanisms such as biometrics for access control and machine authentication for connecting to a network.
  • Scan all software services for vulnerabilities in applications and networks.
  • Monitor and share threat intelligence.

Finally, engage with an IoT development and security vendor who promises and demonstrates security in IoT applications.

Unfortunately, there are no fail-safe solutions to the lack of cybersecurity in IoT. So, your target as a company should be to be more secure, constantly, instead of striving to be perfectly secure.

Security gaps will continue to expand during the IoT era as organizations distribute thousands of IoT connections in their systems. It falls on security leaders and founders to understand potential vulnerabilities and mitigate them through a comprehensive cybersecurity strategy.

Using a comprehensive risk management approach to understand and mitigate the effects of IoT threats can be a holistic solution to take on.

Every IoT project needs careful consideration of the underlying security. KiwiTech’s IoT development services integrate security into the development process.
