Australian SMEs looking to improve productivity and connectivity have increased the adoption of Internet of Things (IoT) devices within their business. IoT devices are connected through a network and transmit data over the Internet – if you look around, you will certainly notice some. From online security cameras to connected printers, VoIP phones, and smartwatches and lights, IoT devices have become tools in our daily routine helping increase business productivity and efficiency.
But as connectivity increases, so do cyber-risks. IoT devices are easy to hack into and cybercriminals continue to exploit these vulnerabilities, taking advantage of those companies that don’t include IoT as part of their cybersecurity strategies. Without a proper plan, no business or industry is immune.
Check Point data revealed only 11 per cent of SMEs had fully implemented an IoT security solution, and a staggering 52 per cent did not have IoT security deployed at all, leading to 67 per cent of enterprises experiencing IoT-related incidents.
With the number of IoT devices accelerating to 55 billion by 2025, the demand for a comprehensive security solution to protect businesses from the most sophisticated cyberattacks has never been stronger.
So, how can SMEs secure their IoT devices and networks and prepare for the year ahead?
Hacked IoT devices are an open door to your business
One key security challenge is the diversity. Many IoT devices have vulnerabilities and cannot be patched, or use insecure communications protocols. Another common problem is that organisations have devices from multiple vendors, with many shadow devices that are unmanaged and connected without authorisation. This means that businesses have limited visibility and control of devices and their associated risks, creating an environment that is extremely vulnerable to attacks.
Take back control
One solution that we utilise is based on a three-pillar approach that can be used by SMEs to increase their security levels and protecting their infrastructure:
- IoT discovery and risk analysis
- This stage aims to identify and classify all IoT devices on any network through integrations with the leading discovery engines, to expose risks such as weak passwords, outdated firmware and known vulnerabilities. All devices need to be identified in detail, including a risk score.
- Zero-trust segmentation
- When your business security is at stake, it’s essential to create a set of strict rules that will ensure your peace of mind. This is called the “zero-trust” approach. There are exceptions.
- We focus on creating and applying rules and policies across your entire IoT network, based on details collected through the map and recommend solutions providing IT teams full visibility and capacity to manage the policies.
- Threat prevention
- It’s time to ensure your company has a plan to prevent and mitigate risks;
- There are numerous things to consider, and some of the key ones are:
- To have the ability to “virtually patch” IoT devices to fix security flaws, even those with unpatchable firmware or legacy operating systems.
- To build-in zero-day prevention that includes common threats such as unauthorized access attempts and monitoring of the traffic to and from devices and servers.
Working with a cybersecurity expert can help you find the right multi-layered security approach to secure your IT and security infrastructure. These essential steps can protect your business in moving forward into what we hope will be an exceptional new year.
Ian Raper, Managing Director – Australia and New Zealand, Check Point Software Technologies
