With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT), Industrial IoT (IIoT), and Internet of Medical Things (IoMT) devices are becoming essential tools in enterprise, industrial, and healthcare environments. Whether optimizing individual processes or entire factories and other critical infrastructure ecosystems, this expanding universe which we refer to holistically as the Extended Internet of Things (XIoT) is helping improve efficiency, reliability, responsiveness, quality, and delivery.
However, as companies introduce more XIoT devices that typically are not designed with security in mind, they also introduce risk to their environments. Nearly four years ago, NotPetya impacted a wide swath of multinational corporations in sectors including healthcare, energy, and transportation, bringing operations for many to a standstill and causing an estimated $10 billion in damages. Over the years, we've seen examples of how hackers can compromise connected cars to tamper with critical systems, such as the engine and brakes. We narrowly avoided an attack aimed at contaminating a water supply in Florida. But were unable to escape attacks on oil and gas and food and beverage companies that affected millions of people. And, tragically, a ransomware attack on a hospital may have led to the death of a baby because workers did not have access to necessary equipment and devices.
It isn't a big leap to imagine scenarios like threat actors disrupting production of the top pharmaceutical companies to create shortages or tamper with product quality. Some of the latest threats to critical infrastructure include seigeware, where a hacker compromises the systems that every business relies on to run their office infrastructure – lights, elevators, air conditioning and heating, and physical security systems. And GPS spoofing allows attackers to interfere with navigation systems and dupe vehicle operators to go off course. There are many ways adversaries can use connected devices to take bold actions or operate in the background to disrupt our economic well-being and, worse, cause physical harm.
Gartner refers to the combination of these networks and assets as cyber-physical systems (CPSs) and predicts that the financial impact of attacks on CPSs resulting in fatal casualties will reach over $50 billion by 2023. They note that even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant. Adding urgency to address the situation, Gartner expects that by 2024, 75% of CEOs will be personally liable for CPS incidents.
Mitigating risk introduced by the XIoT
To address the rising use and risk associated with IoT devices, the IoT Cybersecurity Improvement Act was officially signed into law on December 4, 2020 and final IoT-specific guidance was released November 29, 2021. Recognizing a lack of uniformity in identifying vulnerabilities and supply chain risk introduced by IoT devices, the Act seeks to replace today's largely ad hoc approach with standards and guidelines. The Act includes several provisions, but the bottom line is that any IoT device purchased with federal government funds must meet new, minimum security standards.
While aimed at government agencies and the vendors and service providers they work with, any organization that uses CPSs would be wise to take their cues from the new law to enhance and formalize their XIoT security best practices.
So, where to begin?
The silver lining of the surge in attacks is that the C-suite is becoming well versed in the convergence of CPSs. Executive teams and CEOs are understanding the competitive advantages that interconnectivity brings as well as the inevitable risks. And they are learning how to mitigate those risks with security technologies and overall expanded risk governance.
At Claroty, we have been focused on extending the reach of our industry-leading platform to cover the XIoT. We continue to build on our deep capabilities, including full-spectrum visibility, exposure management, threat detection, and secure access controls for industrial, healthcare, and enterprise environments. Our platform allows you to extend your governance model to include the breadth of devices and systems within and connected to your environment, and to assess and strengthen your overall security posture.
We have forged partnerships to develop joint solutions, such as our solution with Crowdstrike, which brings in CrowdStrike Falcon's leading endpoint telemetry. This includes telemetry from any endpoint device that connects to the IT network from outside an organization's firewall – IoT devices, along with laptops, tablets, mobile devices, Point-of-Sale (POS) systems, switches, digital printers, and others. When used in combination, the solutions deliver full-spectrum IT/OT/IoT visibility and detection capabilities for threats that cross the IT/OT boundary.
Fueled by customer excitement and feedback to extend the reach and use cases of our platform even further, we took a major step forward with our acquisition of Medigate – a leader in healthcare and IoT security, as well as clinical asset management. Medigate is the first company to recognize, and address, the critical need for healthcare IoT security. As such, for the second consecutive year, Medigate by Claroty won the 2022 Best in KLAS for Healthcare IoT Security in the KLAS Software & Services Report. Together, Claroty and Medigate are combining our deep domain expertise and specialized technologies into a single platform capable of extending across all types of CPSs and connected devices to secure the XIoT.
The XIoT is quickly becoming a hallmark of modern organizations and an accelerator of competitive advantage. Let Claroty work with you to benefit from insights into risks and costs, and from guidelines put forth in new regulations, with a platform designed to help you get ahead of the risk and take advantage of the value the XIoT can bring to your organization.
To learn more about how Claroty can help your team prepare for and make the most of the rise of the XIoT, request a demo.
