43% of businesses don’t protect their full IoT suite, reports Kaspersky


Kaspersky released the “Pushing the limits: How to address specific cybersecurity demands and protect IoT” report revealing that two-in-five businesses are yet to protect their IoT infrastructure fully.

In its simplest terms, IoT is a collection of devices connected to the internet. It’s a network of things implanted with technologies intended to connect or exchange data with other devices and systems over the internet. Examples of IoT solutions are smartwatches, smart fridges, and medical sensors. Unfortunately, while IoT help uplifts a business at large, anything connected to the internet poses vulnerability to online attacks. 

That said, businesses still not having their IoT solutions completely protected means their IoT projects are at risk of being breached or compromised.

(source: Kaspersky)

According to Kaspersky, one of the reasons this may be due to the great diversity of IoT devices and systems, which are not always compatible with security solutions. And even then, 46% of businesses fear that cybersecurity can affect performance, while 40% of others find it too hard to find a fitting solution. 

Other common issues they face when implementing cybersecurity tools are high costs (40%), inability to justify the investment to the board (36%), and lack of staff or specific IoT security expertise (35%). 

Alternatively, 57% of businesses also find that the risk of cybersecurity breaches and data compromises prevents them from implementing their IoT projects in the beginning. This happens when companies struggle to address cyber threats at the design stage and then carefully weigh up all pros and cons before implementation.

“An IT error can be embarrassing and expensive; an IoT error can be fatal. But cybersecurity is only one part of making a system trustworthy. We also need physical security, privacy, resilience, reliability, and safety. And these need to be reconciled: what can make a building secure (locked doors for example), could make it unsafe if you cannot get out quickly,” commented Stephen Mellor, Chief Technology Officer at Industry IoT Consortium.

To help organizations fill the gaps in their IoT security, Kaspersky suggests the following approaches:

  • Assess the status of a device’s security before implementing it. Preferences should be given to devices with cybersecurity certificates and products from manufacturers who pay more attention to information security.
  • Use a strict access policy, network segmentation, and a zero-trust model. This will help minimize the spread of an attack and protect the most sensitive parts of the infrastructure.
  • Adopt a vulnerability management program to regularly receive the most relevant data about vulnerabilities in programmable logic controllers (PLCs), equipment, and firmware, and patch them or use any protection workarounds.
  • Check the “IoT Security Maturity Model” – an approach that helps companies evaluate all steps and levels they need to pass to achieve a sufficient level of IoT protection.
  • Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data transferring from edge to business applications, such as Kaspersky IoT Secure Gateway 100. In addition, it is Cyber Immune, which means almost no attack can affect the gateway’s functions.

Read the full “Pushing the limits: How to address specific cybersecurity demands and protect IoT” report by Kaspersky for free and available to download here.