The Hidden Risks of IoT: Why Enterprises Need to Modernize Mobile Security
Remember the 2020 SolarWinds supply chain breach where more than 18,000 SolarWinds customers accidentally installed updates that contained malicious code? Cybercriminals used the codes to steal customer data and then spy on other organizations. It showed how even large companies can be vulnerable due to weak links in their technical supply chain.
Supply chain security is critical and the increasing use of mobile devices is transforming the workplace and industrial landscape. Reliance on these devices poses significant security concerns, especially in critical infrastructure sectors where breaches can have catastrophic consequences.
Head of Global Enterprise for Asia Pacific at Verizon Business Group.
Mobile and IoT devices: the new frontier
In a survey of 600 security strategy, policy and management professionals from around the world, the Verizon Mobile Security Index (MSI) highlights this growing concern. Not surprisingly, more than 80% of organizations consider mobile devices critical to their operations and 95% are actively using IoT devices. In fact, more than half of those deploying IoT devices reported experiencing significant security incidents.
Challenges posed by the proliferation of mobile and IoT devices
As many as 95% of companies surveyed are actively using IoT devices, delivering significant efficiency and innovation benefits. However, this widespread adoption also comes with significant security risks. In critical infrastructure sectors, where 96% of companies deploy IoT devices, 53% have experienced significant security incidents involving data loss or system outages.
Improving existing security concepts is essential, as almost a third of respondents do not have holistic monitoring of all IoT devices within their organizations. Additionally, 46% of critical infrastructure companies still rely on manual audits to verify the encryption of IoT devices.
These outdated methods are insufficient to address the complex threats of today’s cyber world. Nevertheless, many companies are responding proactively: 89% plan to increase their investments in mobile security solutions. Awareness of the need for modern security strategies is growing.
In addition to IoT challenges, AI-enabled attacks pose a significant threat. With 77% of respondents expecting attacks such as deepfakes and SMS phishing to be successful soon, and 88% of critical infrastructure respondents recognizing the importance of AI-based cybersecurity solutions, the urgency is clear.
To prepare for future threats, companies must adopt innovative technologies in addition to classic security solutions. This includes comprehensive security concepts such as Zero Trust and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, as well as meeting regulatory requirements such as the EU’s NIS2 Directive.
In Singapore, a new cybersecurity amendment was passed into law by the Singapore Parliament in May, significantly expanding the scope of regulated entities and systems beyond the critical infrastructure providers initially targeted by the law.
This is in response to the rise of cloud computing and the growing role that third-party providers play in helping run technology platforms that support the economy, from energy companies to public healthcare providers and the financial system. The law has been extended to providers of fundamental digital infrastructure (FDI) and systems that are virtual and located abroad.
The growth of the Industrial Internet of Things (IIoT) further complicates the cybersecurity landscape. As sensors and specialized devices are integrated into enterprise networks, it is essential to not only secure traditional IT systems, but also meet the specific requirements of IIoT.
From employee training to Zero Trust
To combat evolving threats, companies are increasingly investing in mobile cybersecurity and adopting advanced security frameworks. The shift to remote and hybrid work arrangements, spurred by pandemic restrictions, along with the increased use of IoT sensors in smart cities’ infrastructure and manufacturing factories, has prompted companies to strengthen their mobile cybersecurity efforts.
About 84% of organizations have increased their spending on mobile device security. The persistent threats from shadow IT remain a major concern. Respondents anticipate growing threats such as AI-enabled attacks, including deepfakes and SMS phishing, which require more advanced threat detection, employee training, and compliance with cybersecurity standards and frameworks such as Zero Trust.
Historically, mobile cybersecurity has often been overlooked as organizations focused on securing their core on-premises networks and cloud infrastructure. However, the MSI further reveals that mobile devices (be they smartphones, laptops, remote video cameras, or temperature sensors) represent critical endpoints that can be breached. This underlines the urgent need for enterprises to modernize their security strategies to address the evolving threats posed by mobile and IoT devices.
“Navigating the Future: Prioritizing Mobile and IoT Security in an AI-Driven World”
As AI-enabled attacks further complicate the cybersecurity landscape, it is imperative for companies to adopt innovative technologies and comprehensive security concepts to effectively combat these threats. Meeting regulatory requirements is also essential to ensure robust cybersecurity measures.
Securing critical infrastructure requires an unwavering commitment. To build trust in public services and businesses, organizational and security leaders must take decisive action. Business leaders must ensure full visibility into all IoT projects within their organizations and enforce consistent standards for mobile security, built-in IoT device security, network segmentation, and data encryption.
It is critical to educate employees and end users about the dangers of credential theft, the importance of basic security hygiene, and the power of skepticism and situational awareness. Cultivating a robust cybersecurity culture within organizations is essential, because anything short of relentless protection efforts is insufficient when the stakes are so high.
This call to action extends beyond critical infrastructure organizations. The MSI revealed similar patterns of mobile and IoT security gaps across industries. Public and private organizations must work together to deploy multiple layers of defense to thwart threat actors and secure the immense progress made possible by mobile and IoT connectivity. By doing this we can better protect our data, systems and overall digital presence in an increasingly interconnected world.
We have highlighted the best business laptop.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro