By Michael Skurla, Chief Product Officer, Radix IoT
By 2025, global IoT adoption is projected to reach over 152,200 devices connecting to the internet per minute, potentially generating $4-11 trillion in economic value. However, this proliferation comes with security vulnerabilities that fall outside traditional IT protections.
IoT attacks have escalated dramatically, reaching over 10.54 million incidents by December of last year. An IoT network comprises physical devices with embedded sensors, software, and network connectivity from various manufacturers. While this diversity enables enterprises to aggregate critical business data, the market has shown reluctance to invest significantly in security measures.
Recent technological advances—including cellular-based connectivity, optimized protocols, and AI integration—have enhanced IoT solutions. These innovations improve data analytics and reduce latency, though they introduce new complexity.
Several regulatory frameworks now address IoT security. The EU’s Cyber Resilience Act represents a €1.5 trillion cybersecurity initiative. The 2020 IoT Cybersecurity Improvement Act prohibits U.S. agencies from procuring non-compliant devices after December 4, 2022. This July, the White House introduced a voluntary consumer labeling program for smart home devices.
Existing standards include European ETSI EN 303 645, ENISA guidelines, and U.S. NIST frameworks. Yet regulations represent minimum compliance, not comprehensive protection.
By July 2023, 87 publicly disclosed security incidents compromised 146.29 million records. The greatest threats emerge at the “far edge”—devices from vending machines to servers that become attack vectors.
Current enterprise defenses rely on policy, awareness training, and technology tools. However, these approaches prove insufficient. By 2025, IoT devices are expected to outnumber non-IoT devices by 3:1.
According to Consumer Reports’ analysis, “60 to 70 percent of browser and kernel vulnerabilities… are due to memory unsafety,” many preventable through memory-safe programming languages. Current regulations focus on basic improvements: eliminating default passwords, establishing vulnerability reporting mechanisms, and ensuring product transparency.
The industry must shift perspective from prevention to detection and recovery mechanisms. Enterprises should embed cybersecurity competency throughout operations rather than hiring additional specialists. Fundamentally, most breaches originate from basic human factors.
Critically, IoT security involves multiple interconnected devices, whereas IT security focuses on individual equipment. Three essential considerations remain: regulation, safety, and liability. Regulators move slowly while technology evolves rapidly, so the challenge now requires comprehensive responsibility across stakeholders.
Originally published in BizTech Reports.