This past year has brought many unexpected changes to the connected devices world and our daily lives. New vulnerabilities, recent cyberattacks, and the pandemic will all shape how connected devices develop in 2021. Ordr’s thought leaders, Craig Hyps, Darrell Kesti, Greg Murphy, Jeremy Haltom, and Russell Rice have come together to share their thoughts on what lies ahead for the industry.
More Remote Workers and Expanded Organizational Networks
As companies adapt to COVID-19 safety precautions and the “new normal,” more employees will be working from home on their own devices and equipment.
As a result of COVID-19, companies will continue to reduce on-premise workforces, and thus reduce user footprint and network equipment spend within the enterprise campus, and instead expand remote office/teleworker capacity. This will affect most industries including education and healthcare. - Craig Hyps
Over a quarter of employees forced to work from home will never return to claim a cube/space in the office, with a disproportionate density in many white-collar professions (hi-tech, legal, consulting, etc.). - Russell Rice
IoT device footprint will continue to expand as current and new devices are increased to enable greater automation and increase productivity both on-premises and off-premises (remote). - Craig Hyps
Companies will need to expand investment in off-premise security—whether via cloud-based security services or expanding security capabilities within remote/home office. Security plans will need to cover the growing footprint of personal and home office IoT present at remote locations. - Craig Hyps
Changes in IT and Cybersecurity teams
With more employees at home and more expansive security plans, IT and Clinical Engineering, and security teams will need to adjust their goals and projects.
Industrial OT and Biomed organizations in healthcare will increasingly report to the CIO as organizations realize that cybersecurity incidents impacting mission-critical devices are one of the greatest risks to business continuity. - Greg Murphy
Complete network asset and device visibility (all things inside the network along with all things ‘owned’, even if coming in remotely) will become a CISO mandated project. - Jeremy Haltom
Delay in refreshing legacy systems. COVID-19 has had an impact on almost all businesses and companies are holding on to their capital and large capital projects. Wholesale system upgrades to address things like the Windows 7 End of Life are going to be paused in 2020, and probably throughout 2021. This will especially be true in HealthCare Delivery environments. - Darrell Kesti
Increased Ransomware Attacks
Recently there have been high profile cases of ransomware and incidents such as these are likely to increase.
Ransomware will skyrocket based on all the high-profile accounts that paid huge ransoms recently. It’s becoming even more lucrative than ever to run these types of attacks as a bad actor. - Jeremy Haltom
Increase in Ransomware....this just seems to continue to go up in volume and money associated with the Ransom. - Darrell Kesti
Ripple20 Vulnerabilities Exploited
Worried about Ripple20 vulnerabilities? Patch and protect your devices before they are exploited.
The number of long-term embedded security flaws, like Urgent/11 and Ripple20 will escalate dramatically as more attention is focused on embedded TCP/IP stack attacks - Jeremy Haltom
Ripple20 will be weaponized and exploited in the enterprise. - Greg Murphy
It is just a matter of time on this one being weaponized and there being attacks focused on these vulnerabilities. It is just too large of a device surface / diversity not to see this be exploited. - Darrell Kesti
Increased Cyberattacks on Healthcare Networks and Devices
The global pandemic has made the healthcare industry a target for cyberattacks and this trend will likely continue.
COVID 19 related attacks. If you are part of the supply chain for PPE, a drug company developing and manufacturing a vaccine, or part of the response to COVID-19, you can expect you will be targeted. Also, I bet we see a huge increase in ransomware targeting the end users via spearphishing around the topic of COVID-19. - Darrell Kesti
Long-standing known vulnerabilities in healthcare devices will continue to be exploited, but weaponized to include threats that impact patient health/life, not just ransom of data, service access, or PHI theft. - Craig Hyps
Someone in the U.S. will die as the result of a ransomware attack, resulting in increased push for cybersecurity regulations in healthcare and increased cybersecurity budgets. - Greg Murphy
Further developments in the Healthcare Industry
The COVID-19 crisis has demanded quick action and innovation leading to new research and IoMT solutions.
A whole new brand of IOMT medical solutions are deployed in enterprises for COVID safety. This is happening in hospitality and education today. - Russell Rice
One or more major health systems will launch a ‘device cyber-security as a service’ offering to affiliate organizations. - Greg Murphy
Self-service systems, largely IoT-based, will blossom across numerous industries to reduce the need for human interaction - healthcare, retail, education, transportation, entertainment. - Russell Rice
The Future of Connected Devices
2020 has brought new, unexpected changes that will affect how connected devices develops in 2021. Employees from many industries will work from home, creating cybersecurity vulnerabilities as they connect to company networks remotely. IoT device visibility will become more important and security plans will change as capital purchases are reduced. Cases of ransomware and Ripple20 exploitation will increase as attackers see success. The healthcare industry will become a target for attacks as the industry expands in response to the COVID-19 crisis.
2021 will bring new devices designed to solve the challenges associated with adhering to COVID safety practices. Security procedures and plans will need to be recalibrated to cover those new devices as well as mitigate vulnerabilities discovered now.
Start developing your device security plan and secure your devices with Ordr. The Ordr System Control Engine (SCE) gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, profile the behavior and risk and automate action for every network-connected device in the enterprise. Want to experience Ordr on your network? Request a free sensor.