With the number of connected Internet of Things (IoT) devices anticipated to swell beyond 41 billion by 2025,  organizations should put security at the forefront of their IoT strategies. Nowhere does this ring truer than in the healthcare sector, where patient safety is on the line.

Here, consulting firm Deloitte offers three tips to address IoT security in the products that organizations deploy in their environments and encourages manufacturers that make connected products to take a secure-by-design approach.

“The risk of compromise to a connected device is too great to ignore and often too late to reactively respond to,” says Sean Peasley, partner, Deloitte & Touche LLP, and IoT security leader for Deloitte cyber risk services. “Organizations should adopt a proactive, secure-by-design approach while strategically and intentionally working to monitor and patch outdated legacy equipment, software and infrastructure.”

1.Take note of every endpoint added.

The expanse of IoT increases with every endpoint added into a network. This adds more vulnerabilities and has become a more popular and destructive cyberattack. While the adversarial landscape is always changing, Deloitte advises organizations to bring as much of their endpoint footprint under their security management to better secure the attack surface. Industry analysts predict that spending on IoT endpoint security solutions will be more than $630 million in 2021. 

Once these devices are managed, integration of security tools can be a more effective security focus for the organization. As with most domains within cybersecurity, security professionals realize that to meet the complex security challenges of their organizations, they should formulate a sound security strategy and constantly evolve by making continuous improvements to best mitigate their risks.

2. Employ AI and ML to detect anomalies that humans can’t. 

You can’t prevent what you don’t know about. Artificial intelligence for IT operations (AIOps) has grown from an emerging category to an IT necessity. AIOps platforms are uniquely suited to establish a baseline for normal behavior and detecting subtle deviations, anomalies, and trends. This is significant as IoT turns much of the physical world into robots powered by AI. Organizations should take both a secure by design approach in tandem with an AIOps approach to both prevent and identify cyberattacks.

3. Conduct vulnerability assessments on devices.

As cyberattacks continue to grow, organizations should have confirmation that their connected devices—and the environment in which they’re deployed—have been designed, built, and implemented with security in mind. Whether through basic testing or a bug bounty program, testing can provide assurance around the security posture of an organization’s devices.