The continued proliferation of IoT will present both challenges and opportunities for MSPs in 2021. Projections put the number of IoT devices by 2021 at over 35 billion. This parade of IoT devices ranges from security cameras to appliances to factory-floor autonomous vehicles to medical devices and more.
According to New Generation Applications, only 0.06 percent of all devices that could be adapted for IoT are being adapted. This points to massive opportunitiy for growth in connected devices.
“IT talent is too thin and budgets too small for most companies to manage this much connectivity, MSPs are the logical place for most enterprises reach to,” says David Price, a cybersecurity specialist in Pittsburgh.
The explosion in IoT is at least partially why, according to Syntax, 83 percent of IT leaders with in-house security teams are now considering outsourcing their security efforts to an MSP in 2021.
“This presents an immense opportunity for MSPs as many companies are literally shutting down their own in-house IT operations and looking to farm out the work,” Price points out.
Security firm Kaspersky says the advantages of IoT in business probably outweigh the risks. Some risks, however, to be aware of include outage of services, data loss regulatory [non]compliance, reputational and direct financial loss.
“Many MSPs have been reluctant to fully embrace IoT devices as a part of their standard security packages, but the numbers are dictating that IoT will be tough to ignore if an MSP wants new business,” Price advises.
With more and more IoT devices coming online every day and MSPs increasingly viewing IoT cybersecurity management as part of the services package, some standard steps should be taken to ensure IoT device security.
“Like with so many things, IoT breaches happen when there is a blind spot to the basics,” Price says. With IoT, the sheer number of connected devices increases the statistical odds for some sort of failure.
Steps MSPs should take when providing IoT security
PLAN: First of all, Price advises, don’t want until after there is a breach involving a client’s office smart printer to swing into action. While each security incident is different, and each IoT device presents other challenges, there should be a common thread regarding security, and this is the plan. Openness, transparency, and having a strategy in place to clean-up and contain damage, will help set expectations for all stakeholders.
DEVICE SECURITY: Depending on your service agreement, an MSP may or may not have much control of IoT devices used by a corporate client. MSPs managing the networks, but not supplying the devices, should check security certificates for the IoT devices in being used in the workplace.
“Many companies will just buy the cheapest security cameras they can find off Amazon or their local electronics dealer, and that is often bad for cybersecurity,” Price states.
There are also regulations to consider. If your portfolio includes health care clients or financial data, there are laws on the books that require a certain level of security, and an MSP can be held liable if it turns out lax devices are being used.
DEVICE AUDIT: Know what IoT devices your client is operating and when new ones come online – right down to the coffeepot. Again, the challenge for MSPs is simply keeping on top of the sheer number and ever-shifting inventory of IoT devices in a client’s network.
“You can’t protect what you don’t know about,” Price points out.
Ensure you regularly scan the network for new connected devices; you can’t always rely on being told in a timely fashion of IoT devices.
CREDENTIALS: Standard default logins and passwords need to be changed.
Botnets are always scanning IoT systems that use the factory default or hard-coded usernames and passwords. It just takes one hit to get in, and there’s trouble.
“Changing passwords on these devices is security 101; it must be done,” Price advises. MSPs should be forging a relationship with sensor vendors, software companies, and other entities including device manufacturers .
NETWORK SEGMENTATION: If your smart printer is compromised, a well-segmented network can contain the breach.
“Think of a network as a hallway with a securely locked door. The hackers get through, and then, much to their dismay, there’s another locked door, and after that, another,” Price says. “Make your network as segmented as possible to avoid lateral attacks.”
Remote work is another complicating factor in IoT cybersecurity because it’s no longer just the office coffee pot that poses a threat, it could be the baby monitor, burglar alarm, Nest camera, and more that all serve as potential portals for threat actors to find their way in.
MSPs and IoT are just at the beginning stages of what will be a long, complex relationship. In the weeks ahead we’ll take a look at more specific IoT security perils that MSPs will need to ahead of.
Photo: PopTika / Shutterstock