Syed “Z” Hosain, CTO, Aeris Communications
Cybersecurity is a significant focus for business leaders, with PwC reporting that 48% of CEOs are increasing their investments in cybersecurity and data privacy. The spotlight is on CISOs (chief information security officers) and cybersecurity leaders, who are under pressure to keep their organizations’ IT landscapes and data safe from attackers.
In this fluid cybersecurity landscape, that act is harder than it sounds. Cybersecurity attacks are growing, both in complexity and volume. Additionally, corporate IT infrastructures are also evolving, and new technology means new vulnerabilities.
This is particularly true of IoT solutions, which are blurring the lines between IT and OT, opening users up to attacks from bad actors and hackers. As IoT devices become more prevalent – the number of connected IoT devices expected to climb to an astonishing 24.1 billion by 2023 – so too does the opportunity for hackers to infiltrate IoT systems, threatening organizations’ IT infrastructure, data, and customers. In 2022, enterprises reported 57 million IoT cybersecurity attacks.
In light of these cybersecurity concerns, CISOs must still maintain a fine balancing act of keeping data safe, bolstering IoT security measures, and preventing attacks, while supporting growth and innovation so organizations can flourish. As they balance these requirements, here are four strategies CISOs can use to vastly improve the security of their IoT ecosystems.
Adopt an Enterprise-Wide Zero Trust Mindset
The first step in bolstering your organization’s IoT security is to adopt a cautious company-wide mentality. Organizations must be on the lookout for intrusion attempts, and ready to stop bad actors from gaining entry into their IoT networks.
Leaders and employees must question all unapproved or unrecognized device behaviors, communications, and updates. If an employee receives an email from an unknown recipient with a suspicious link, or a device begins behaving abnormally, they must recognize these clues as potential intrusion attempts and take the necessary actions to protect IoT infrastructures. Ensuring these behaviors among employees starts with consistent, effective cybersecurity training for all employees. But, it also comes from instilling a cautious zero-trust mindset throughout every level of an organization.
CISOs and cybersecurity leaders should also encourage proactive monitoring and preparing for potential IoT network intrusions. This offensive mindset ensures organizations are never playing catch-up to an IoT intrusion and enables them to act faster to deal with the situation and protect their IoT environment and assets.
Implement Robust Employee Security Training Programs
Consistent security training is simply one of the best ways to combat intrusions such as phishing attacks and malware, which are costly for organizations. Just last year, malware attacks on IoT networks cost organizations an estimated $2.8 billion. On a macrolevel view, all total cybercrime is expected to cost a collective $8 trillion – a sum equal to the third largest economy in the world, behind the United States and China.
By instituting consistent employee security training, organizations help their workforces from falling victim to these threats. However, CISOs and cybersecurity leaders must go deeper than generic training designed to simply meet certain benchmarks. Employees need consistent training and must learn how to recognize intrusion attempts. For example, organizations can send test phishing emails to their employees to gauge their ability to discern and deal with an attempted intrusion.
Consistent security training is a particularly vital part of securing IoT systems, as phishing and intrusive malware represent a significant risk to IoT networks. For example, if an employee falls prey to a phishing attempt via a connected device, the organization’s entire IoT network – and their partners’ and customers’ networks – are immediately at risk of being infiltrated.
Prepare IT Environments for Remote Work
It’s obvious that as we emerged from the COVID-19 pandemic, hybrid work environments have steadily become the new normal for many office jobs. In fact, many people prefer hybrid work environments today. According to recent Gallup research focused on hybrid work environments, 38% of respondents indicated their desire to be in the office two to three days a week, while 29% want to be in the office less than two days a week.
As employees continue conducting business at home and in other venues such as coffee shops, vacation homes, and hotels, organizations must equip employees with the necessary tools to stay secure no matter where they work. Public wi-fi options– like those found in airports and coffee shops – often don’t offer the security necessities found in office IT environments.
It’s important to give your employees the means to be secure, even when they are not at the office. For example, at Aeris, we preload a VPN service on employee laptops, which they can leverage when working remotely. We also conduct training sessions for employees and their families on phishing and cybersecurity issues. This fortifies home networks, which can be compromised and lead to an intrusion of employee devices on the family network. Taking steps like this will enable organizations to accommodate hybrid work schedules and protect their IT environments.
Leverage Robust IoT Security Solutions to Protect Your IoT Investment
While these actions go a long way in protecting your IT and IoT environments, they cannot stop every single intrusion. Since most IoT environments are often made up of hundreds – or thousands – of connected devices, IoT security solutions are particularly useful, as they leverage device behavior data to understand what are – and are not – normal network behaviors. As cybercrime continues to become more prevalent and sophisticated, robust security solutions are fast becoming a necessity for organizations to leverage in their IoT environments.
