Enterprise Internet of Things (IoT) devices can make company operations more efficient and productive, especially if they help cut down on manual steps and human error. But when company leaders think about the benefits of IoT devices — which are undeniably numerous — they often forget to simultaneously assess the risks of data breaches associated with those devices.
Staff members could unintentionally cause enterprise IoT data breaches
It may seem that the best way to prevent enterprise IoT data breaches is to deal with the weaknesses at the device level. Indeed, that’s a worthwhile place to start, but it’s also necessary to adjust staff training material so that it instructs workers how to avoid mistakes that lead to data breaches. Quocirca investigated printer-related data breaches at companies during a global study.
It found that 72% of respondents felt concerned about print-related security breaches, and 59% experienced at least one printer-related data loss.
Moreover, internal users cause 32% of print security issues. Printers are only one kind of connected device an enterprise might use to increase its output and better serve customers. However, this example highlights why staff training should certainly be part of IoT data breach reduction strategies.
IoT automation brings numerous business benefits
Many of the people who use IoT devices at the consumer level first discovered the automation benefits of IoT devices when they bought smart speakers and connected them to several pieces of smart home equipment. Then, it was possible to carry out sequences of events, such as turning off the lights and adjusting the thermostat, with one command.
Similarly, enterprises can set up automated workflows that provide perks ranging from reduced operating costs to improved compliance documentation. It’s also smart for business leaders to research how they could update the software used by their IoT devices.
AI and IoT: two sides of the same coin
That’s because F-Secure conducted a study to measure the number of attack types of IoT devices and found that the number went from 19 to 38 in one year. Moreover, threats capitalizing on weak or default credentials or unpatched vulnerabilities comprised 87% of the problems. If companies take steps to automate IoT software updates, they could cut down on breaches that happen because of out-of-date versions.
IoT data breaches from third-party vulnerabilities are on the rise
One of the most important things for business leaders to keep in mind regarding IoT data breaches is that they are not hypothetical scenarios — and third-party vendors have some of the vulnerable devices. The Ponemon Institute recently released findings from a study about third-party risks and IoT devices.
The study revealed that the percentage of companies that experienced IoT-related data breaches due to an unsecured device rose to 26%, which is an 11% increase compared to the 2017 findings. Plus, more than 80% of companies believe breaches will happen at their companies within the next two years, but less than half of board members approve programs to mitigate third-party risk.
The trouble with enterprise IoT and its identity management problem
The Internet of Things (IoT) encompasses a growing number of connected devices ranging from security cameras to smart thermostats. Many businesses use enterprise-level IoT devices to help workers get things done more efficiently or to assist with meeting facilities management needs. But, there’s one area where enterprise IoT falls short — identity management
It’s also possible that the percentage of companies that went through data breaches due to third-party vulnerabilities may be higher than the study indicates since most companies are not aware of every IoT device connected to their networks or which ones belong to third-party vendors.
These findings emphasize that if companies work with outside vendors that handle enterprise data through IoT devices, it’s essential to look for potential problems with those gadgets instead of only focusing on IoT devices within the company’s internal facilities.
Promising new solutions exist — but companies have lots of work to do
Something positive for business leaders to realize is that although IoT vulnerabilities can compromise the security of corporate data, companies are aware of the risks and working hard to stop the issue from worsening. For example, Trend Micro deployed an integrated IoT security solution that thwarted 5m attempted attacks against IP cameras in five months.
In 2018, Intel and Arm IoT teamed up to work on a product that allows securely onboarding any IoT device to any cloud infrastructure in a matter of seconds instead of the approximately 20 minutes required for manual onboarding of new devices.
Despite progress like the examples above, companies have a long way to go in getting to the bottom of IoT data breaches. Findings published in 2019 by Gemalto found that companies are spending more of their IoT budgets on protective measures, but about half of those polled (48%) still can’t detect when their IoT devices get breached.
Why digital trust matters in the IoT
Situations get ever more complicated, then, because it could become challenging for companies to assess which of their IoT devices hold the most confidential information, not to mention when breaches begin and what hackers gain from them. The longer that breaches persist, the more data gets lost. The financial losses can add up too.
DigiCert carried out a survey and found that of the companies struggling the most with IoT security, 25% of them suffered monetary losses of at least $34m in the last two years. Those findings give a glimpse into how much enterprise-level vulnerabilities can hurt the bottom line.
Treat IoT data breaches as top-of-mind concerns
It’s impossible to classify IoT data breach consequences for companies at large because the ramifications vary depending on the type of device infiltrated. For example, if cybercriminals get data from an IoT security camera, they could identify the layout of a building enough to carry out successful physical attacks on business.
Or, if the IoT device is a point-of-service (POS) terminal that processes credit card payments at a retail location, improper setting configurations could leave credit card details exposed for hackers to seize and sell on the black market.
Concerning an IoT data breach that happens on connected equipment at a manufacturing plant, those to blame could get data that exposes trade secrets or gives them the power to make a machine behave abnormally and produce defective products.
Given the diversity of damage that could follow IoT data breaches, company executives and tech experts must take the matter seriously and realize that failing to take a proactive stance to prevent data breaches with connected devices and be aware of weak points could bring disastrous outcomes.