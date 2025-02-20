With the number of IoT devices expected to skyrocket in the next four years, researchers have called on more robust cybersecurity protections to counter a wave of rising threats.

In a new study by Juniper Research , the number of devices is set to hit 28 billion globally by 2028. However, amidst this sharp growth, the increasing complexity of IoT networks means there's a greater need for effective frameworks that underpin security solutions.

A key factor in this call to action is the fact that industry has a fragmented approach to IoT security, researchers said.

"The IoT cybersecurity market is expected to reach $51 billion by 2028; partly driven by adoption from SMEs," said research author Michelle Joynson.

"To capitalize, vendors must simplify their solutions in a time when IoT architectures are becoming increasingly complex, and a greater number of connectivity technologies are used."

IDC advises enterprise IoT users to protect themselves against high-risk events such as data breaches, financial losses, and regulatory non-compliance by implementing zero trust architecture (ZTA) frameworks as a priority.

"ZTA frameworks operate on the principle that no device on a network is to be inherently trusted; requiring constant authentication," said IDC.

"These frameworks also offer greater visibility of IoT device activity through continuous authentication; enabling earlier threat detection and mitigation."

As for vendors, the scale of expected IoT growth and rapid pace of digitalization by SMBs means these frameworks will need to be deployed across IoT networks of various sizes.

As the number of networks grows, vendors should be leveraging the scalability of their ZTA frameworks to make sure that cybersecurity solutions can keep pace.

IoT remains a security blind spot for enterprises

IoT has become something of a wild west in terms of security, with connected devices representing the biggest targets in the UK last year.

Research from Beaming, for example, found there were at least 161 attacks on IoT devices per day, with threat actors increasingly targeting applications such as building control systems, network-enabled printers, remote monitoring tools, and industrial control systems.

According to the UK's National Cyber Security Centre (NCSC), many devices aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.

Similarly, many may not be configured securely, lack proper network segmentation, or use unsupported or end-of-life (EOL) hardware.

Last year, analysis from WithSecure identified a steep rise in security incidents caused by the mass exploitation of IoT and edge devices, including MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.

Earlier this month, the Five Eyes cybersecurity agencies released guidance on how to secure edge devices, including IoT devices, recommending that they include and enable standard logging and forensic features that are robust and secure by default.