Cyberattacks targeting enterprises most often start on internet of things (IoT) endpoints, then move laterally across corporate networks to take control of identities and infrastructure. Corporate-owned IoT devices continue to be one of the most popular attack surfaces, followed by personally-owned IoT devices.    

Forrester's Top Trends In IoT Security In 2024 report provides insights into nine trends defining the current landscape and future direction of IoT security. The study found that 34% of enterprises that experienced a breach targeting IoT devices were more likely to report cumulative breach costs between $5 million and $10 million, compared to organizations that experienced cyberattacks on non-IoT devices.

IoT devices continue to be among the most vulnerable endpoints because their designs prioritize ensuring low latencies for real-time data capture. Integration has historically outranked security as a design goal in IoT products, making them difficult to defend. 

Forrester's top nine trends for IoT security in 2024

Forrester believes nine dominant trends will define the current and future landscape of IoT security. One of the report's main takeaways is that closing the many security gaps between IoT sensors, systems and legacy infrastructure is becoming more challenging. That’s especially the case in healthcare and manufacturing, two industries under siege from cyberattacks. 

Here are the top nine trends Forrester says will define the IoT security landscape in 2024.

There's still a disconnect between networking and security leadership

Forrester continues to see networking and security leadership pursuing different priorities, leading to disconnects when it comes to securing IoT endpoints. Network and telecom leaders continue to prioritize the security of IoT devices. Security leaders were much less likely to cite emergent solutions in IoT devices as a leading concern compared to cloud computing middleware, artificial intelligence (AI) platforms or even quantum computing.

Adoption of IoT devices continues to grow worldwide

IoT device adoption is proliferating quickly across the U.S. and Europe, contributing to the devices becoming the most targeted. Global spending on IoT technologies is projected to soar from $280 billion in 2024 to $721 billion by 2030. Adoption is growing the fastest in manufacturing, pharma, financial services and insurance in the U.S., and water, waste, telecom and other manufacturing and pharma in Europe.

“With IoT, one of the interesting things is you're going to see an explosive growth of devices, which will collect data and transfer data," Srinivas Mukkamala, CPO at Ivanti, told VentureBeat. "We're going back to the data harmonization problem here. Then you're also talking about a massive attack surface. Your attackers can use your IoT as an entry point depending on what that IoT device does. If you're talking critical infrastructure, that's a great backhaul into your controllers. If you're talking about autonomous cars, because that's IoT as well, you're taking over a safety concern.”

Forrester analysts also note that few organizations have an exact census of all sensors that are vulnerable endpoints today.  

Breach costs are higher when IoT devices are targeted

Security decision-makers whose organizations were breached were ten percentage points more likely to report a cumulative cost between $5 million and $10 million than those who didn’t have their IoT devices targeted. Not having integrated security controls within IoT devices, poor code maintenance leading to vulnerabilities remaining exploitable for longer periods and insecure deployment practices, including limited network segmentation, also contributed to breaches occurring. Security leaders also said there was little to no incident monitoring when IoT devices are compromised and a lack of visibility of which IoT devices are currently open in their environments.

Botnets continue their attacks on IoT devices

Adversaries continue to fine-tune their tradecraft using AI to make malware less detectable while creating more lethal distributed denial-of-service (DDoS) botnets. Forrester has found that Mirai malware targeting IoT devices has made a comeback, further validating this trend. Botnets are increasingly being designed to take control of personal IoT devices and expand the scope of distributed attacks. Healthcare and manufacturing are considered soft targets due to the proliferation of new IoT devices combined with their vulnerable installed bases of devices.

Vulnerability management solutions can safely assist in identifying IoT devices

The majority of organizations aren’t sure how many IoT devices they have or the mix of endpoints that span their infrastructure. Even when an IoT device is identified, organizations struggle to automate patch management at scale. Cycognito, Cymulate, Forescout, Microsoft and Lansweeper are a few companies offering tools that can identify IoT devices without disrupting their operations and provide vulnerability risk context to help security and risk leaders understand and address the security posture of the device.

Identity and access management solutions support management of IoT access

Ensuring IoT device access is protected using zero trust is table stakes for reducing the threat of breaches. The National Institute of Standards and Technology (NIST) provides NIST Special Publication 800-207, which focuses on securing networks where traditional perimeter-based security isn’t scaling up to the challenge of protecting every endpoint.

Core to zero trust is least privilege access, where access is granted only on a session-by-session basis. Continual authentication and authorization are required to regain access to any resource on the network. Forrester mentions Keyfactor, Thales Group and Utimaco as vendors who are delivering IAM for IoT devices that can restrict access, limit what data those devices can access and prevent the devices from being compromised and used for destructive purposes.

Segmenting IoT device networks has gotten easier

Known historically as one of the most challenging projects to complete as part of a zero-trust framework, Forrester sees an emerging trend for segmenting IoT devices becoming easier. The goal needs to be ensuring devices can only send to and accept traffic from specific resources, including internet sites. In a webinar, "The time for Microsegmentation is now," hosted by PJ Kirner, CTO and co-founder of Illumio, and David Holmes, senior analyst at Forrester, Holmes said, “You won't really be able to credibly tell people that you did a zero trust journey if you don't do the micro-segmentation.”

Forrester mentions Check Point Software, Cisco, Fortinet and Palo Alto Networks as providing solutions that can identify IoT devices that operate at network edges, and are also capable of establishing segmentation rules to limit the flow of traffic to and from trusted resources.

Endpoint security for IoT devices is maturing

IoT and Extended Internet of Things (XIoT) devices defy simple configuration adjustments to secure them as endpoints at scale. Vendors, including CrowdStrike with Falcon Insight for IoT, SentinelOne and Trend Micro, have endpoint security agents that are either deployed on IoT devices during the manufacturing process or rely on network-based sensors to provide information on device identity, endpoint vulnerability warnings and alerts for compromised hosts.

“With the acceleration of OT digital transformation, organizations are struggling to address security challenges, including stopping sophisticated attacks and dealing with operational complexity in securing XIoT assets in Industrial Control Systems (ICS) networks,” said Michael Sentonas, president of CrowdStrike.

IoT security management solutions are servicing more device types

As the number of IoT devices surpasses desktops and laptops in many organizations, Forrester is seeing the need for platforms that can keep up with device inventories while providing IAM, networking and data security controls. What’s making this trend accelerate is the fact that organizations are looking to secure IoT devices within their zero-trust frameworks. Forrester mentions IoT security platform vendors Armis, Atos, Claroty and Nozomi as examples of those providers meeting the challenges organizations face in securing IoT endpoints.