In this piece for IoT Insider, Chris Brown, Principal Lead Consultant at Bridewell, shares the five steps to safeguard consumer IoT.
The integration of IoT devices into daily operations is advancing rapidly, which, in turn, brings a steady increase in concerns over IoT security. With the number of IoT devices expected to double globally from 15.1 billion (2020) to 29 billion by 2030, effective security measures are more critical than ever.
As IoT devices become more ingrained in transportation, manufacturing, and smart port operations, integrating them into the overall security framework is critical. Without diligent enforcement of cyber security best practices, these pervasive devices could become loopholes that attackers can exploit, subtly ingrained within the vital systems that sustain our society.
Recent regulatory developments, such as the Product Security and Telecoms Infrastructure Act – Part 1 (PSTI), have enhanced security baselines, primarily for consumer IoT devices. However, these measures are just the beginning. For critical national infrastructure (CNI), a more comprehensive approach is required, and simply adhering to these regulations is not enough.
To ensure critical infrastructure is prepared for IoT’s continued rise, CNI organisations must prioritise a robust, multi-layered approach. Here are five key IoT priorities for CNI organisations to safeguard these systems effectively.
1. Achieve end-to-end visibility
Limited visibility into their assets exposes CNI organisations to significant risks. According to recent research from Bridewell, nearly two-thirds of respondents (63%) report that their IT environments lack sufficient visibility over end-user devices, networks, and systems. This lack of visibility can undermine the security of critical infrastructure by leaving potential vulnerabilities unchecked.
To address this, organisations should integrate their various technologies and tools to create a comprehensive view of all assets. Engaging with managed detection and response (MDR) and extended detection and response (XDR) services can help detect, mitigate, contain, and remediate threats across the entire technology stack.
2. Consolidate security tools
The rapid proliferation of IoT devices has been matched by the multiplication of cyber security tools, creating unnecessary complexity and new blind spots. CNI organisations should consider outsourcing to specialist providers to consolidate their security tools under a single umbrella. This approach simplifies security management and enhances visibility, aligning with the proactive stance encouraged by recent regulations. Access to hybrid security operations centres (SOC) can also alleviate many IoT security burdens from cyber teams and bridge skills gaps.
3. Enhance cyber resilience
Cyber resilience is a top priority for CNI decision-makers. The evolving threat landscape requires organisations to continuously assess risks, identify vulnerabilities, and implement measures to mitigate these risks proactively. This includes preparing for the CAF framework prescribed by the National Cyber Security Centre and adhering to the EU’s NIS directive. Implementing rigorous best practices—such as altering default credentials, enabling multi-factor authentication, and disabling unnecessary protocols—should be a priority. These steps ensure that IoT devices are integrated into a robust security framework that can withstand sophisticated cyber threats.
4. Ensure proactive threat detection
Proactive threat detection is crucial for CNI organisations. Leveraging advanced services like MDR and XDR ensures comprehensive oversight and efficient threat management. Encouragingly, studies show that proactive threat detection is the most effective way to identify and mitigate breaches. This proactive stance is essential in protecting vital systems and ensuring resilience against potential attacks.
5. Address tool sprawl
Tool sprawl can create complexity and confusion, increasing vulnerability by expanding the attack surface and lengthening threat response times. Bridewell’s research found that CNI organisations are managing an average of 42 different security tools, with 13% grappling with over 60 tools. Outsourcing to the right provider enables organisations to consolidate their security tools under a single umbrella, providing a more integrated approach to cybersecurity and easing the strain on internal cyber teams.
Recent developments in IoT-focused regulations have enhanced security baselines, but these initiatives are only the beginning of an organisation’s IoT security journey. For CNI organisations, integrating IoT security into the overall security framework should be a necessity. This involves achieving end-to-end visibility, consolidating security tools, enhancing cyber resilience, proactively detecting threats, and addressing tool sprawl.
By prioritising these five areas, CNI organisations can safeguard critical infrastructure, ensure compliance, and build a future-proof security posture against ever-evolving cyber threats. The journey to appropriate and safeguarded use of IoT devices is complex, but with the right strategies, it is achievable.
Author: Chris Brown, Principal Lead Consultant, Bridewell