Skip to Main Content

Back to all Resources

Network security protects your IoT data from prying eyes

It’s well understood that internet of things (IoT) technology has provided us with valuable data and actionable insights. In fact, so many IoT devices have been deployed to date that terms such as “digital twins” or “mirrored world” are used to describe, respectively, the digital representation of the physical objects around us and the real world we live in. Depending on which source you use, the number of IoT devices in operation range from 11.3 billion (IoT Analytics) to more than 35 billion (Juniper Research). Either number clearly dwarfs the entire human population of 7.9 billion (Worldometers), and the number of IoT devices on this planet will only continue to rise over time. 

While IoT devices have become an important and integral part of many businesses, their significance also attracts the attention of malicious actors for nefarious reasons. What they seek is corporate/customer data, money (ransom), computing resources (for botnet or crypto mining), or sabotage. As more businesses are leveraging greater numbers of IoT devices, there are prying eyes out there actively seeking to take advantage of any cybersecurity weakness in the IoT network. 

Sobering Statistics  

Three statistics underscore how precarious the situation is today for many IoT devices in operation: 

24%: According to Zscalar, this is the percentage of IoT devices that are communicating on unencrypted plain text channels. It means a majority of the data transactions could pose potential risk to the business. In contrast, Google reported that 95% of internet traffic is far more secure because it is encrypted with either SSL (Secure Sockets Layer) or TLS (Transport Layer Security).   

5 minutes: According to Kaspersky data quoted in a TechRepublic article, after Kaspersky set up an internet-connected honeypot to detect online attackers, this is the amount of time it took for the honeypot to be probed for exposed services as the result of a large-scale internet scanning.   

500%:  According to an IBM X-Force researcher quoted by SecurityIntelligence, this is the percent increase in the overall number of IoT attacks perpetrated by prominent IoT botnets like Mirai and Mozi. 

What Make IoT Devices Especially Vulnerable?  

In our 2021 webinar, “Overcoming the Cellular IoT Security Challenges,” Aeris CTO Sayed “Z” Hosain identified the primary reasons as: 

  1. Lightweight, constrained resources 
  2. Uncontrolled environments 
  3. Scale of deployments 
  4. Long lifespan 
  5. Deployment in many markets 

For companies that use a cellular network for IoT connectivity, when it comes to IoT network security, the cellular network is arguably a black box. This is mainly because mobile network operators (MNOs) and mobile virtual network operators (MVNOs) do all the heavy lifting in terms of connectivity management and security. For companies that have implemented a Defense in Depth strategy, in which multiple layers of security controls (or defenses) are placed throughout the information technology (IT) systems, network security may be an afterthought. In fact, it should be just as important as the security of the devices, data, and applications.  

How to Implement Network Security? 

The recently released Aeris Intelligent Security Center (AISC) provides continuous non-intrusive monitoring, behavioral analysis, and the ability to detect offline devices or rogue actors. Even when encryption is implemented at the application layer, a network-based monitoring solution such as AISC can verify that communications are actually happening over encrypted channels. It is far easier to deploy and there is nothing extra to install or configure, like other agent or agentless “snap-and-tap” IoT security solutions. It’s also more scalable, no matter how small or how large your IoT deployment is now or will be in the future, and no matter what type of IoT devices you need to monitor. 

Another benefit of using AISC is that it provides greater visibility into your IoT security. It helps differentiate what’s vulnerable (i.e., susceptible to attack) from what’s impacted (i.e., is, or has been, attacked), especially for IoT devices where the scale of deployments can easily reach tens of thousands of devices. You can quickly and easily prioritize the remedial actions for impacted devices—usually a small handful of them—before you roll out the security patch to the rest.  

Aeris also offers a full suite of IoT security features such as account/SMS lock, static/dynamic private IP address, non-dialable numbers, standard access point name (APN), virtual private network (VPN), ConnectionLockTM, and Cloud Connect. Together with AISC they help to safeguard your IoT devices through prevention, detection, and rapid response. 

Learn more about AISC by downloading our new security eBook “Solving Cellular IoT Security Challenges with an Intelligent Network.”

Sign up for the latest on IoT intelligence