Internet of Things devices has proliferated in recent years with more connected devices hitting the consumer, commercial, and industrial markets. In a report released by Deloitte, shares several ways of IoT Device Security for Organization.
As such, organizations should already be prepping ways to protect their connected devices. Companies that deploy IoT devices in their environments should beef up their security measures, while manufacturers that make connected products should ensure that they’re secure by design.
Five best practices of IoT Device Security
To help manufacturers, businesses, and other organizations better secure their IoT devices, Deloitte offers the following five best practices:
- Take note of every network endpoint added. Every endpoint added to your network creates more areas through which cybercriminals can attack. Deloitte advises organizations to bring as much of their endpoint footprint as possible under their security management. Spending on IoT endpoint security is expected to rise to more than $630 million in 2021, according to Gartner analysts.
- Align operational technology, IT, and security. Once more of these connected devices are properly managed, integrating security tools can become a more effective process. In addition to deploying IoT devices, organizations are managing digital transformation projects at the same time. But less than 10% of cyber budgets are allocated to these efforts, according to a «Deloitte Future of Cyber» study.
- Know the players in your ecosystem. To successfully achieve their goals with their IoT initiatives, companies need to understand the enterprise and cyber risks, create a plan to prioritize and mitigate those risks, and then align the process across all the major stakeholders, including operational technology, IT, and cybersecurity. The interconnectivity of third-party hardware, software, or services could be the source of a security breach. Therefore, organizations need to consider how a connected device interacts with these third parties. Contracts with third, fourth, and fifth parties should address security updates and concerns.
- Employ artificial intelligence and machine learning to detect anomalies that humans cannot. Artificial intelligence for IT operations has grown from an emerging category into a necessity for IT. AIOps platforms are uniquely suited for establishing a baseline for normal behavior and for detecting subtle deviations, anomalies, and trends. Organizations should take a secure by design approach in tandem with an AIOps approach to prevent and identify cyber-attacks.
- Conduct vulnerability assessments on devices. Organizations should also set up a third-party risk management program to evaluate the cyber risks of their third-party and supply chain partners. Whether through basic testing or a bug bounty program, testing can provide assurance of the security protections in place for connected devices.
Source: Tech Republic