The first half of 2023 saw an increase in cellular IoT malware attacks, with SonicWall threat researchers recording 77.9 million attacks, a 37% increase from 2022. Now more than ever, organizations managing IoT programs must take the necessary steps to secure their solutions across all levels – device, network, and application.
However, 2023 research from Kaleido Intelligence indicates that most organizations’ cybersecurity solutions are leaving significant gaps in their connected device program protection. Respondents reported their IoT security solutions do not protect against certain malicious attacks – like malware – and do not incorporate automated detection and response applications, which are necessary measures in the face of growing cybersecurity threats.
Automation Threat Detection
As cybersecurity threats become steadily more pervasive –and sophisticated – security solutions must include automatic threat migration tools to adequately secure IoT networks. According to a 2023 survey from Kaleido Research, enterprises report they have some, but not all, of the required cybersecurity tools in their security solutions. The majority of respondents (70%) deploy solutions that notify users when cost or data thresholds are breached, and just under half (42%) of organizations reported having solutions that alert them when device configurations are altered.
However, the vast majority of respondents reported not leveraging solutions that monitor divergent device behavior or traffic. Only 12% of surveyed enterprises have security solutions that judge divergent traffic to be anomalous, 14% work with solutions that detect devices attempting to use unusual ports or protocols, and only 19% of respondents have solutions that detect devices attempting to contact usual IP addresses. A mere one percent of enterprises surveyed have security solutions with all the mentioned capabilities.
Automatic detection and response protocols are going to become a requirement for IoT security solutions as threat actors continue their campaign against connected device programs. Organizations should also integrate IoT security solutions that leveraging Artificial Intelligence and Machine Learning to find and respond to threats and anomalous traffic in their IoT system to help them improve their security posture.
Specific Threat Responses
The Kaleido Intelligence research also surveyed organizations about whether their security solutions can detect specific cybersecurity threats. The researchers asked organizations if they worked with security solutions that helped protect against malware, denial of service attacks, command and control attacks, data exfiltration, and ransomware. Nearly half (49%) of respondents indicated their solutions do not aid in the protection of any of these threats, while two percent have solutions providing assistance against malware, 13% against denial of service attacks, 16% against command and control attacks, four percent against data exfiltration and seven percent against ransomware.
Bad actors can wreak havoc on not only IoT implementations but against IT stacks as a whole and these attacks can cost enterprises millions of dollars. According to IBM, the average malware attack cost organizations $4.4 million in 2022. As enterprises look for security partners, it’s important to partner with a IoT security solution provider that has the right knowledge and expertise to help companies protect their IoT security investments.
