Global CTO & CIO, SVP Connected Technology Lexmark.
IoT promises to transform industries of all kinds. But it comes with a double-edged sword.
That’s because keeping a company secure has become a challenging task in this day and age. If these devices are not actively monitored and managed, they could present additional vulnerabilities that attackers can use to gain access to an organization’s network and data. With the overwhelming number of high-profile security breaches making headlines, American businesses have realized that the operational and reputational damage caused by a security breach is very real and they must act quickly to avoid being the next victim. To prevent cyberattacks, organizations need to ensure they efficiently manage IoT devices, protect them from hackers, and protect critical information.
This is a tall order to accomplish. Consider that approximately 127 new devices are connected to the internet every second and by 2027 there are expected to be over 41 billion IoT devices. This means that cybersecurity is more important than ever and will play an increasingly important role in our everyday lives.
Unsecured IoT devices are particularly vulnerable to cybersecurity threats as they maintain access to digital infrastructure. According to a study by cloud security company Zscaler, IoT malware attacks increased by 700% during the pandemic. The compromised devices included everything from smart TVs to smartwatches to IP cameras.
As IoT devices become the norm, a new approach to cybersecurity is required. To address these security concerns, many organizations are adopting a Zero Trust (ZT) framework based on the principle that “no one is automatically trusted” and assumes that bad actors are invading or already in the network. With Zero Trust, every device, user, and application is given the least privileged access to the architecture by default, even after authentication and authorization.
The key principles of Zero Trust are:
- Never trust or take steps to mitigate the impact when there is a breach.
- Always check.
- Enforce least privilege.
An advantage of this approach is that it considers the importance of the applications that the users or devices are trying to access and whether they fit their roles, access needs, and responsibilities. Adoption of the Zero Trust framework ensures that the appropriate steps are taken to achieve acceptable levels of security for IoT devices, integrations and data processing.
While the principles remain the same, there are many interpretations and implementations of Zero Trust. When considering a vendor, choose one that makes the most sense for your business and offers solutions that continuously identify and evaluate practices. The provider should also use technologies that protect your business, such as B. the monitoring of data inventory, classification, archiving and deletion to comply with business policies, interactions with other security systems and impact on IT and business projects.
The same technologies that enable organizations to maximize the benefits of the IoT exponentially increase the security threat to network integrity and put valuable information at risk. By using a Zero Trust framework, organizations can unleash the full power of the IoT while diligently protecting their networks, data, and customers.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology leaders. Am I Qualified?