Zero Trust is Incomplete Without Device Security

Jun 21, 2023
5 minutes

The number of connected IoT devices will continue to rise in the coming years, reaching an average of over 9,000 devices per enterprise by 2025. Unfortunately, most existing IoT security solutions lack any inbuilt prevention or enforcement and employ dated signature-based discovery methods focused on known devices. Poor IoT security was a factor in several infamous breaches in recent years, including those at SolarWinds and Colonial Pipeline, ultimately costing billions of dollars to remediate.

The 2023 IoT Security Benchmark Report reveals how top-performing organizations use advanced IoT security to protect connected devices from known and unknown threats. The report was developed by Starfleet Research, a world leader in benchmarking best practices in technology-enabled business initiatives. A team of subject matter experts used primary and secondary research techniques that engaged IT and cybersecurity leaders, IT staff and other industry practitioners with firsthand experience with IoT security in their organizations.

Here are a few highlights from the 2023 IoT Security Benchmark Report.

IoT Size and Scope across Industries

Connected network devices have proliferated on enterprise networks, going from an average of 700 devices in 2020 to more than 3,000 devices in 2022. Experts agree that this number will continue to grow exponentially across all industries. The use of IoT devices across a range of sectors includes some of the following:

  • Healthcare: wearable devices (e.g., fitness trackers, smartwatches), pacemakers, blood pressure monitors, connected hospital equipment (e.g., MRI machines, X-ray machines).
  • Manufacturing: RFID tags, sensors, cameras, controllers.
  • Hospitality: smart locks, thermostats, sensor-based lighting, energy management systems.
  • Retail: beacons, interactive displays, connected fitting rooms, connected packaging)
  • Financial Services: ATM sensors, NFC-powered devices [e.g., smartphones, smartwatches], CCTV cameras, authentication tools.
  • Government: traffic monitoring, air quality monitoring, traffic safety, smart trash cans, intelligent water meters.

The Dark Side of the IoT Explosion

With the IoT market expected to reach $1.6 trillion by 2023, the risks that connected devices bring threaten to negate the benefits derived from increased productivity, efficiency and revenue. The manufacturers

of IoT devices have not always done everything possible to safeguard them. IoT devices are often designed by manufacturers with convenience in mind, which can sometimes come at the expense of security. In short, IoT devices are often shipped with vulnerabilities, run unsupported operating systems, are difficult to patch and lack encryption in communication. IoT devices are vulnerable to medium or high severity attacks.

Challenges Protecting Connected Devices

Understanding the challenges that organizations face as they try to secure IoT devices helps inform decisions about solutions. Here are several of the most commonly cited challenges:

  • Complexity of connected device ecosystems
  • Inability to gain complete visibility
  • Varied security levels
  • Inadequate security features
  • Lack of network segmentation
  • Unencrypted data
  • Limited security standards
  • Compliance requirements
  • Insufficient time and financial resources

To address these challenges, organizations need to rethink their security strategy. Connected devices must be integrated into security frameworks to close these risky gaps and mitigate vulnerabilities across an expanding attack surface.

Zero-Trust Approach and Device Security

In a Zero Trust system, all devices and users must be verified and authenticated before they are granted access to resources. The Zero Trust approach to IoT security protects an organization by eliminating implicit trust and continuously validating every stage of digital interaction. With Zero Trust, no devices or users are automatically trusted, regardless of whether they are inside or outside a network. All devices and users are verified and authenticated before they are granted access to resources. Zero Trust provides a viable and effective security paradigm that can be used to protect the hundreds of thousands of connected devices deployed across enterprise ecosystems.

How Industry Leaders Secure Connected Devices

Successful IoT security strategies are based on a Zero-Trust approach. They should also incorporate a purpose-built IoT security solution into existing security systems, such as endpoint protection platforms, intrusion detection and response systems.

Industry leaders implement IoT security that utilizes machine learning to identify vulnerabilities and suspicious activities, even those never seen before. In addition, their IoT security runs continuously, automates Zero Trust security and is deployed on a highly scalable cloud architecture. Other features that industry leaders have as part of their IoT security solution include:

  • Ability to discover all IoT devices on the network—known and unknown
  • Compliance assessment capabilities
  • Device behavior analyzes to establish baselines and detect anomalous activity
  • Protection against known, unknown, and zero-day threats
  • Prescriptive least-privileged access policy recommendations and enforcement capabilities
  • Easy integration with other security and IT systems

Reap the Benefits of Connected Devices without the Risk

Organizations across different industries have realized increased productivity, efficiency and revenue by using IoT devices. Taking time to understand IoT security, the challenges and solutions employed by industry leaders, allows organizations to reap the benefits of connected devices while mitigating risks.

Learn what you can do to secure IoT devices on your enterprise networks. Read the 2023 Benchmark on IoT Security Report to gain actionable insights into how to close gaps and take a proactive approach to IoT security.

Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.