The hidden risks of IoT: Why businesses need to modernize mobile security

A computer being guarded by cybersecurity.
(Image credit: iStock)

Remember the SolarWinds supply chain breach in 2020 where more than 18,000 SolarWinds customers inadvertently installed updates containing malicious code? Cybercriminals used the codes to steal customer data and then spy on other organizations. That showed how even big companies can be vulnerable due to weak links in their tech supply chain.

Supply chain security is critical and the increasing use of mobile devices is transforming the workplace and industrial landscape. The reliance on these devices comes with significant security concerns, particularly in critical infrastructure sectors where breaches can have catastrophic consequences.

Annette Lee

Head of Global Enterprise for Asia Pacific at Verizon Business Group.

Mobile and IoT devices: The new frontier

In a survey of 600 security strategy, policy and management professionals from around the world, the Verizon Mobile Security Index (MSI) highlights this growing concern. Unsurprisingly, more than 80% of organizations consider mobile devices critical to their operations and 95% are actively using IoT devices. In fact, over half of those deploying IoT devices reported experiencing significant security incidents.

Challenges posed by the increase in mobile and IoT devices

A staggering 95% of companies surveyed actively use IoT devices, reaping considerable efficiency and innovation benefits. However, this widespread adoption also introduces significant security risks. In critical infrastructure sectors, where 96% of companies deploy IoT devices, 53% have experienced significant security incidents involving data loss or system failure.

Improving existing security concepts is essential, as nearly a third of those surveyed lack holistic monitoring of all IoT devices within their organizations. Additionally, 46% of critical infrastructure companies still rely on manual audits to verify the encryption of IoT devices.

These outdated methods are insufficient to withstand the complex threats of today's cyber world. Nevertheless, many companies are responding proactively, with 89% planning to increase their investment in mobile security solutions. Awareness of the need for modern security strategies is growing.

In addition to IoT challenges, AI-supported attacks are emerging as a significant threat. With 77% of those surveyed expecting attacks like deepfakes and SMS phishing to be successful soon, and 88% of critical infrastructure respondents recognizing the importance of AI-based cybersecurity solutions, the urgency is clear.

To prepare for future threats, companies must adopt innovative technologies alongside classic security solutions. This includes comprehensive security concepts such as Zero Trust and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, as well as meeting regulatory requirements like the EU’s NIS2 directive.

In Singapore, a new cybersecurity amendment was passed into law by the Singapore Parliament in May which significantly broadens the scope of regulated entities and systems beyond the critical infrastructure providers the Act was initially focused on.

This is a response to the rise of cloud computing and the growing role third party providers play in helping run tech platforms that underpin the economy, from energy utilities to public healthcare providers and the financial system. The Act has been expanded to cover Foundational Digital Infrastructure (FDI) providers, and systems that are virtual and located overseas.

The growth of the Industrial Internet of Things (IIoT) further complicates the cybersecurity landscape. As sensors and specialized devices are integrated into corporate networks, it is essential to secure not only traditional IT systems but also address the specific requirements of IIoT.

From employee education to Zero Trust

To combat evolving threats, businesses are increasingly investing in mobile cybersecurity and adopting advanced security frameworks. The shift to remote and hybrid working arrangements, spurred by pandemic restrictions, along with the increased use of IoT sensors in smart city infrastructure and manufacturing plants, has driven companies to bolster their mobile cybersecurity efforts.

Approximately 84% of organizations have ramped up their spending on mobile device security. The persistent threats posed by shadow IT remain a significant concern. Respondents anticipate growing threats such as AI-assisted attacks, including deepfakes and SMS phishing, which necessitate more advanced threat detection, employee education, and adherence to cybersecurity standards and frameworks like Zero Trust.

Historically, mobile cybersecurity has often been overlooked as organizations focused on securing their core on-premise networks and cloud infrastructure. However, the MSI further reveals, mobile devices—whether smartphones, laptops, remote video cameras, or temperature sensors—represent critical endpoints that could be breached. This underscores the urgent need for businesses to modernize their security strategies to address the evolving threats posed by mobile and IoT devices.

"Navigating the future: Prioritizing mobile and IoT security in an AI-driven world"

As AI-supported attacks further complicate the cybersecurity landscape, it is imperative for companies to adopt innovative technologies and comprehensive security concepts to effectively combat these threats. Meeting regulatory requirements is also essential to ensure robust cybersecurity measures.

Securing critical infrastructure demands unwavering commitment. To build trust in public services and companies, organizational and security leaders must take decisive action. Business leaders need to ensure full visibility into all IoT projects across their organizations and enforce consistent standards for mobile security, IoT built-in device security, network segmentation, and data encryption.

Educating employees and end users about the dangers of credential theft, the importance of basic security hygiene, and the power of skepticism and situational awareness is crucial. Cultivating a robust cybersecurity culture within organizations is essential, as anything less than relentless protection efforts is insufficient when the stakes are so high.

This call to action extends beyond critical infrastructure organizations. The MSI revealed similar patterns of mobile and IoT security gaps across all industries. Public and private organizations must collaborate to deploy multiple layers of defense to thwart threat actors and safeguard the immense progress enabled by mobile and IoT connectivity. By doing so, we can better protect our data, systems, and overall digital presence in an increasingly interconnected world.

We've featured the best business laptop.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Annette Lee is Head of Global Enterprise for Asia Pacific at Verizon Business Group.