Some 75 billion Internet of Things devices are expected to be on line by 2025, with the healthcare sector among those ramping up to increase investments in connected devices, according to Armis, a vendor of software that discovers all devices in an environment, analyzes their behavior to identify risks or attacks, and protects critical business information automatically. Armis Vice President Joe Lea offers seven predictions for healthcare IoT devices for 2019.
Smarter attacks will hit IoT devices
Since the Mirai botnet attack in 2016 ushered in a rapid evolution of IoT attacks, devices have been used maliciously for cryptomining, ransomware and mobile malware attacks. In 2019, threats will be far more sophisticated by including advanced persistent threats for surveillance, data exfiltration and direct manipulation to disrupt operations in healthcare and elsewhere.
IoT security will become a board-level priority
About 30 percent of healthcare and other industry entities that Armis works with today discuss IoT security at the board level because more boards are recognizing the risk, compliance issues and exposure of new devices. Consequently, securing devices is becoming a priority. Even though IoT devices may be a driver of revenue growth, they remain a substantial threat. Lea expects that 60 percent of board rooms will prioritize IoT security.
Group Of Business People Having Meeting In Office
Monkey Business - stock.adobe.com
CIOs take the lead in boosting IoT protections
Chief information officers in healthcare and other sectors are recognizing the failure of device makers to prioritize security, and as a result, CIOs will become IoT security stewards. “IoT security will be a line item on IT budgets in 2019 as a result of the growing awareness of the security issues, and we’ll see CIOs formalize and shepherd IoT security initiatives enterprisewide,” Lea predicts.
Providers are cobbling together a stronger defense
Providers are cobbling together multiple IoT security solutions hoping for better visibility and protection. But it is impossible to install security on all connected devices in an enterprise environment, particularly when the IT department is unaware of half of the devices already in the environment. Various units in the organization have their own siloed data and deployments, yet have a shortage of security skills needed to get value out of the devices. Over time, providers will abandon the piecemeal approach and adopt dedicated IoT security platforms.
IoT security standards will become a priority
Amid new warnings of IoT security from the FBI and Department of Homeland Security, some industry entities—including NIST, CIS and MITRE—are rolling out standards for IoT. That work is coupled with congressional passage of the SMART IoT Act this past December, under which healthcare entities and other enterprises must address unmanaged devices in their security programs. This includes an inventory of the entire connected enterprise, assessment of risks and vulnerabilities, monitoring for threats, and developing incident response capabilities.
Worries rise about blunting attacks that target networks
Armis has identified two chip-level vulnerabilities, which it has named BLEEDINGBBIT, impacting access points and potentially other unmanaged devices. These are vulnerabilities related to use of Bluetooth Low Energy chips from Texas Instruments. The vulnerabilities affect Cisco, Aruba and Meraki access points, permitting hackers to attack networks undetected, introduce malware, move where they want in networks or destroy network segmentation. Expect more attacks resulting from these vulnerabilities including disruption of patient care within healthcare organizations, Armis advises.
Organizations turn to security services to defend IoT devices
Recent reports indicate IoT managed security services will increase five-fold by 2020, starting with manufacturing, transportation and energy, then subsequently spreading to healthcare and finance, Armis predicts. “Layering on IoT security is an obvious offering, given the rising need and questions by every business looking to secure themselves,” Lea adds.