It’s no stretch to say connected devices are taking over the world. In every sector and country, endpoints are driving newfound efficiencies inside the smart home, office, and warehouse. These devices – from sensors to smart meters and industrial controllers – are booming post-pandemic and doubling over the next decade to 40 billion worldwide.
Overall, this evolution is digitizing businesses and uncovering insights on a new scale. But, there’s a downside, since more connected endpoints lead to larger attack vectors and potential bad actor entry points. This reality is reflected in a new report from Verizon which finds that as device dependency grows, so do the security risks.
As we head into the new year, and the pace of connected device growth shows no signs of slowing, let’s consider what enterprises and consumers can do to enjoy the benefits of devices while protecting themselves and their data.
What the survey says
The breadth and depth of device growth in consumer and corporate contexts is something to behold. Verizon reports that four out of five organizations consider mobile devices critical to their operations while 95% are actively using IoT devices.
Let that sink in—almost all the businesses in this report are using connected devices and their insights to drive decision-making. Yet this rapid uptake brings mounting cybersecurity risks, particularly as remote work and hybrid environments become the norm.
The stakes are especially high in critical infrastructure sectors, with 96% of respondents using IoT. More than half experienced severe security incidents that led to data loss or system downtime. This is a major red flag since such hacks can severely damage a business’s reputation through disrupted operations, compromised privacy, and financial losses. For example, the average data breach can cost a company $5M in 2024, a 10% increase over last year and the highest total ever.
The challenge extends beyond securing phones, tablets, and laptops. Today’s enterprise networks encompass a diverse ecosystem of sensors and purpose-built devices that monitor, measure, manage, and control commercial operations and data flow. This expanding array of endpoints requires admins to protect increasingly sophisticated networks with unique vulnerabilities. As these devices become integral to business operations and insights, organizations must implement adaptive security frameworks that evolve alongside emerging threats.
The security context heading into 2025
Heading into the new year, there’s no time for enterprises and consumers to waste in protecting their endpoints and networks. There’s a concerning lack of security and privacy guardrails from device makers in this space. Therefore, despite tighter security and privacy regulations on the way, users need to take proactive steps to ensure their protection.
One bright spot is that industries with better security standards and practices have consistently shown fewer vulnerable devices. This success model could soon expand across major markets as new regulations establish minimum security thresholds. Europe’s Cyber Resilience Act is now officially adopted and coming into force over the next 12 months, while America’s Cyber Trust Mark is launching this quarter. Meanwhile, UK device makers are already navigating world-first security and privacy rules that eliminate default passwords and other basic vulnerabilities.
While these regulatory frameworks will help secure devices at the manufacturing level, enterprises must remain vigilant at the network level. Even the most secure device can become vulnerable if network protections aren’t robust. This multi-layered challenge demands immediate action.
Actionable steps for device security
Business leaders of all sizes and sectors need to take this threat seriously. As mobile and IoT threats rise, the need for comprehensive security measures has never been greater. The good news is that, in response to these growing threats, 84% of report respondents have increased their mobile device security spending over the past year. Additionally, nine out of 10 (89%) critical infrastructure respondents are planning further increases. So, where should this new funding go?
First, enterprises and consumers need to consider how their devices communicate. This means ensuring the connection is secure—ideally peer-to-peer to eliminate cloud server vulnerabilities—with data stored as close to the source as possible. Edge storage offers compelling advantages here, keeping data closer to home while providing better latency for threat detection. As an added benefit, bypassing cloud infrastructure reduces both security risks and ongoing server costs.
Second, strong authentication is crucial. While eliminating default passwords and implementing unique credentials with multi-factor authentication is essential, organizations should consider more advanced solutions. Public Key Infrastructure (PKI) offers superior protection by using asymmetric cryptography to establish trust between client and device. This password-free approach generates unique keys for authentication, making it not only more secure than traditional passwords but immune to brute-force attacks.
Finally, take a deeper look at network segmentation (to ensure successful attacks can’t move laterally) and continuous monitoring (to catch any attack at any time of day). Likewise, don’t assume and always verify by following the principles of zero trust.
The connected device revolution brings tremendous opportunities but only if we implement proper security measures. Bad actors rely on weak configurations and easy access points. Until regulations fully mature and manufacturers raise their standards, the responsibility falls to all of us to ensure secure operations. By implementing these measures now, organizations can protect their assets while capitalizing on the benefits of connected devices. Watch closely and good luck.
Carsten Rhod Gregersen is an IoT expert with more than two decades in software and innovation. Carsten is the founder and chief of Nabto, a peer-to-peer real-time communication platform for connected devices. He’s written for outlets including TechRadar, Help Net Security, EE Times, and more.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.