Outlining cyber threats, Devin Yaung, Senior Vice President, Group Enterprise IoT Products & Services, NTT Data, shares the impact, challenges and strategies involved
Global spending in IoT is expected to surpass $1 trillion in 2026 according to IDC. This significant growth is fuelled by data-hungry AI applications and digital transformation strategies that require solutions at the edge to digitise the physical environment. The proliferation of IoT devices and the volume of data being collected for Industry 4.0, healthcare and critical infrastructure applications make them ideal targets for cyber criminals. For enterprises, this translates into a sharp increase in the number of potential attack vectors that IT teams must monitor, manage and consider as part of their organization’s cyber security strategy.
The impact of real-world IoT attacks and breaches
IoT devices are one of the most vulnerable points for attack and in 2023, approximately 54 percent of organisations suffered from an attempted cyberattack targeting IoT devices every week.
Attacks such as the Mirai Botnet, which is considered one of the worst Distributed Denial of Service (DDoS) attacks, infested IoT devices with malware through default usernames and passwords. Once a bad actor reaches a critical mass of infected IoT devices, the reconfigured devices can be controlled by a command server and instructed on what to attack. In the case of the first Mirai Botnet attack in 2016, an estimated 145,000 devices were used in an assault at a staggering 1Tbps, ultimately paralysing network traffic for the targeted organization.
The severity of attacks on IoT devices cannot be overstated, and this is especially true with critical infrastructure. Manufacturing and utilities are in the top five industries in the IoT space and are vulnerable to cyberattacks due to the economic and strategic value of assets on site.
Industrial IoT systems can be victims of Stuxnet, a well-known computer worm that crippled an Iranian uranium enrichment plant through Windows systems that were compromised through access to industrial Programmable Logic Controllers (PLCs). Other IoT-based attacks have seen significant traction across the healthcare sector, leading the Food and Drug Administration (FDA) to express the importance of medical device lifecycle protection after repeated attacks through IoT devices in the healthcare space that have led to patient deaths.
Challenges and attack vectors
Organisations of all sizes face a significant challenge in securing their IoT deployments. An estimated 41 billion IoT devices will generate over 79 zettabytes of data in 2025, and many of them will run on legacy network infrastructure and Wi-Fi.
Despite significant improvements over the years that draw enterprises toward Wi-Fi, it is important to remember that Wi-Fi still runs on an unlicensed spectrum. Furthermore, many enterprises have their IoT deployments on the same core networks as their ERP and control systems. Legacy networks and Wi-Fi open potential opportunities for bad actors to go in, access data, or control devices through a variety of means including malware, ransomware, and denial of service attacks that could wreak havoc across an enterprise’s IoT ecosystem.
Other noteworthy examples include system breaches for automobiles or IIoT (Industrial Internet of Things), device tampering, data leakage, insecure communications, open source code and a lack of security standards. When an enterprise deploys IoT devices that leverage open source code, it is at increased risk, as threat actors are typically aware of the code, how it comes together and the security shortcomings that can be abused.
Another common security challenge that organisations can address today is the use of default device passwords. These default passwords are widely known and pose a significant risk to an enterprise’s IT environment. Additionally, the lack of standards in the IoT ecosystem and its communications presents another vulnerability for threat actors to take advantage of, as these messages and packets are often not encrypted and are easily accessed.
Securing the IoT ecosystem
From a device standpoint, IoT devices typically lack robust encryption capabilities and, being physical objects, can be subject to tampering by bad actors. One solution that enterprises currently deploy is the use of embedded Subscriber Identity Modules (eSIMs) over physical SIMs due to their advantage of being inherently more secure thanks to their digital nature.
It is also recommended that enterprises enable SIM to International Mobile Equipment Identity (IMEI) device locking, as this is one measure enterprises can take to prevent devices' physical SIMs from being tampered with or stolen. However, protecting the entirety of an IoT deployment requires a robust, secure and low-latency network solution that accommodates new innovations.
The emergence of Private 5G networks holds significant promise for better securing devices thanks to the innate advantages and security of 5G alongside the visibility enterprises have with a private network. This adds a layer of control that IT teams can leverage to improve their security posture.
For example, Private 5G networks enable enterprise 5G network microslicing. Once an anomaly is detected within a network environment, IT teams can easily look at their network traffic, segment parts of it into a Virtual Local Area Network (VLAN) environment and localise the security issue. This prevents the security issue from communicating with other devices across the network and minimises the threat to critical business operations.
Scale and security
As enterprises look to scale their IoT deployments to accommodate exciting innovative solutions at the Edge, all industries need to prioritise cybersecurity to fully harness the potential of IoT while reducing potential harm.
Emerging technologies including blockchain for secure transactions, AI for threat detection and secure hardware designs all contribute to an IoT ecosystem that embraces cybersecurity as a primary focus and not something that can be tacked on to deployment strategies. Looking ahead, it is paramount that the industry, manufacturers and regulatory bodies come to the table, collaborate and establish clear standards and best practices to foster a resilient and secure IoT ecosystem.

Devin Yaung is SVP at NTT DATA, where he leads the global Enterprise IoT Products and Services business. Prior to joining NTT DATA, Devin spent 25 years in consulting with leadership roles at Accenture and PwC, where he advised clients across multiple industries including telecom, high tech, healthcare, manufacturing, and retail. He has worked with the FCC on multiple studies on IoT/M2M, been a guest lecturer on IoT at Northwestern University and has contributed to multiple thought leadership pieces on IoT.
Author: Devin Yaung, Senior Vice President, Group Enterprise IoT Products & Services, NTT Data