Internet of Things (IoT) security has always been challenging. As 2023 comes to a close, it’s time to look into the future for the next 12 months with some key predictions. Organizations planning out their security programs, especially how to secure their IoT devices, would do well to consider these IoT security predictions in the weeks and months ahead. 

This past year was one of expansive growth in the number of IoT devices deployed. The number of connected devices in the world grew to 15.14 billion in 2023, with another 2 billion expected to come online in 2024. The sheer volume of IoT devices connecting to the internet at any given time complicates every security practitioner’s job. 

In 2024, we expect IoT security teams to prioritize these areas:

• The human element of their security programs 
• Staffing shortages in cybersecurity teams
• Shadow IoT 
• Artificial intelligence
• Vulnerabilities in the Internet of Things
• More need for threat detection, investigation, and response capabilities 

Each IoT security prediction will have an impact on the ability of organizations to defend large and growing IoT deployments.  

IoT Security Prediction #1: The Human Element Gains Focus

The human element will become even more important in 2024 than it has been in 2023. It’s well known that people are the weakest link in any security program. Phishing emails remain the top tactic for cybercriminals, with 91% of attacks starting with such a message. These work because people are susceptible to the emotional impact of many of these messages, and it just takes one lapse. 

The human element will come into focus for a different reason in 2024, however. According to Gartner’s recent research, 50% of CISOs are going to formally adopt human-centric design practices into their cybersecurity programs to minimize operational friction and maximize control adoption. What this means from a functional perspective is designing security programs in concert with the rest of the organization to make sure that the company remains secure while work can also be completed. 

It’s very common for employees to circumvent security measures to get work done. That can include putting IoT devices on networks without checking their security capabilities or adding devices to networks where they will have excessive access.

IoT Security Prediction #2: Staffing Shortages Create Risk

There is a severe shortage of skilled security professionals in the United States today. ISC² recently found that there remains a shortage of 4 million cybersecurity professionals, despite a 10% growth in the cybersecurity workforce over the preceding 12 months. Companies have gone on significant recruitment drives to resolve this skills gap, but it’s only made a little bit of a dent in the security staffing problem. 

This shortage of skilled professionals is going to become an even bigger security risk in 2024. People with both cybersecurity and IoT knowledge are rare. With the staffing shortage looming large, organizations are at increased risk of a breach. The lack of skills at most organizations means that new devices aren’t getting the attention needed to be protected. If the staffing shortage isn’t ameliorated, more attacks could occur through inexpertly defended IoT devices. 

IoT Security Prediction #3: Shadow IoT on the Rise

As IoT becomes more common in the enterprise, there will be a growth in the amount of shadow IoT. Gartner’s research showed that by 2027, 75% of employees will acquire, modify or create technology that IT lacks insight into – up from 41% in 2022. This is problematic in general, especially given the risks inherent in a lack of insight into the full attack surface.

The increase in shadow IoT is going to create a bigger risk of a cyberattack for many organizations. Security teams would do well to deploy technologies that capture the full scope of devices connected to their infrastructure. 

IoT Security Prediction #4: Artificial Intelligence Becomes a Bigger Issue 

Artificial Intelligence is likely to become a bigger security issue in IoT. This isn’t even considering the use of AI to generate malicious code for use by cybercriminals. Rather, the rise of tools like GitHub Copilot and other AI-generated code means that there is a bigger risk of security issues being inserted into IoT devices from a firmware perspective. 

There are already major issues with IoT devices in terms of secure coding practices not being standard throughout the industry. As AI tools become more broadly used and integrated into more CI/CD pipelines, security professionals will need to be aware of any potential vulnerabilities hard-coded into IoT devices that are already difficult to patch.                                                                                                                                                                

IoT Security Prediction #5: IoT Vulnerabilities 

Internet of Things devices are incredibly difficult to patch at the best of times. In 2024, the ascendance of IoT systems in more organizations will put vulnerabilities in things like security cameras, pacemakers, printers, and other connected devices more in focus. Security teams at organizations of all sizes should take a hard look at the IoT systems included in their corporate networks for a more cohesive approach to patching or mitigating vulnerabilities.  

Avoiding the discussion is no longer an option, especially with the growing prevalence of IoT devices in most organizational networks. Given how damaging a breach can be from the root of an IoT device, examining connected devices for weaknesses and building a plan for how to address those is key for the months ahead. 

IoT Security Prediction #6: Threat Detection, Investigation, and Response Capabilities Will Become More Crucial 

Threat Detection, Investigation, and Response (TDIR) capabilities are going to become more vital for IoT security programs in 2024.  According to Gartner research, around 60% of TDIR programs are going to integrate exposure management techniques in the next few years. This is a dramatic increase from only 5% today. 

Threat detection and investigation in the IoT sector have always been complex. As more IoT devices come online, however, organizations will need to seek out systems that can detect anomalous behavior and centralize the investigation of IoT-based attacks. IoT devices also cause substantive growth in organizational attack surfaces, necessitating the use of exposure management capabilities to see precisely what traffic is flowing to and from IoT systems within the corporate network. As a result, the ability to monitor for threats, investigate alerts, and respond to active incidents will become even more crucial. 

Conclusion

The Internet of Things is here to stay. As more companies integrate connected devices, whether those are for better patient care in healthcare organizations or for temperature monitoring in manufacturing environments, the reality of needing to build a robust IoT security program is clear. 

In the year ahead, security teams need to adapt to the changing nature of protecting the IoT. This will include considering the human element of their program, scaling within their means to account for staffing issues, and understanding the spread of shadow IoT. This is alongside the challenges wrought by the growth of artificial intelligence, a consistently vulnerable IoT device architecture, and a greater need for robust threat detection, investigation, and response functionality. 

Asimily is here to help. Please contact us today to find out how our IoT security platform can help better protect your connected devices.