The Race to Shut Hackers out of IoT Networks

Considered among the weakest links in enterprise networks, IoT devices are used across industries to perform critical tasks at a rapid rate. An estimated 57% of deployed units "are susceptible to medium- or high-severity attacks," according to research from security vendor Palo Alto Networks.

IoT units are inherently vulnerable to security attacks , and enterprises are typically responsible for protecting against threats. Additionally, the IoT industry hasn't settled on standardized security, as time to market is sometimes a priority over standards.

The Expanding Attack Surface

IoT use is changing the way organizations do business, such as the following:

The IoT attack surface has quickly grown. Most devices use varying products and protocols from a widening array of providers, which has attracted bad actors to these critical enterprise resources.

IoT Trends

The 2025 State of Enterprise Connectivity report from Ericsson found that U.S. business leaders are accelerating investment in 5G and wireless WAN to move beyond the limitations of wired networks. This supports the rapid rise of AI, IoT and remote operations while addressing persistent challenges in workforce capacity and cybersecurity.

Related:How Does Network Security Handle AI?

Findings from the report included the following:

Seeking Resilient Connectivity

As organizations navigate increasingly distributed workforces, advanced tech adoption and the uncertainty surrounding federal spectrum policy, Ericsson said the survey findings reinforce the critical role of resilient, scalable and secure connectivity.

IoT Bulks up to Fight Attackers

Beset by increasingly advanced attacks on their expanding IoT networks, enterprise security staff have doubled down to counter AI-centric threats, while shrugging off tariff turmoil .

Related:1Password Study Reveals Four Security Challenges Caused by Unmanaged AI Access

According to Dell'Oro Group, the application security and delivery market alone experienced a 21% surge in revenue, driving worldwide network security up 12% to 6ドル.2 billion in the first quarter of 2025.

Cloud-Based Offerings Take Priority

The ascension of SaaS and virtual security options has created a situation where hardware products now trail innovative security from the cloud-based world, according to Dell'Oro Group research. However, this doesn't mean physical appliances will plummet in popularity, as firewalls and application delivery controllers are expected to regain some momentum.

Zero Trust Advances

The network security market is projected to exceed 26ドル billion in 2025, according to Dell'Oro Group. The surge is attributed to high single-digit growth driven by the continuing emergence of zero-trust initiatives, AI workloads and cloud processing.

Zero-trust approaches to cybersecurity enable businesses to construct systems that trust but also verify all attempts to access networks and computing resources. This architecture helps businesses and other entities fortify security by building zero-trust principles into their corporate network infrastructure and accompanying workflows.

Related:What is the State of SIEM?

From the Home Front

As for capabilities embedded directly on residential CPE, many residential gateways share processors and software stacks with enterprise Wi-Fi access points. This enables network teams to manage them remotely and integrate them with software-defined WAN, secure access service edge and other enterprise-wide applications. These gateways are also far more configurable for VPNs than before.

IoT devices that use Wi-Fi tend to present the most security concerns for enterprises, according to Tom Nolle, founder and principal analyst at Andover Intel.

"I don't hear much about security concerns from enterprises on their IoT systems, except for devices based on Wi-Fi, the same sort of stuff used for home security, thermostats, doorbells, etc.," Nolle said.

Some enterprises say they won't use those devices but instead rely on wired IoT, private LTE or 5G, or devices that use secure, specialized IoT protocols such as Z-Wave or Zigbee . Z-Wave uses AES 128 encryption, features IPv6 and supports data rates up to 100 kilobits per second, according to the Z-Wave Alliance , a tech industry association.

According to Nolle, consumer IoT devices pose security risks primarily because they rely on Wi-Fi connectivity. Businesses that use Wi-Fi and internet-connected devices are then susceptible to those vulnerabilities. To eliminate these risks, organizations must avoid using Wi-Fi-dependent devices altogether.

Looking Ahead to 5G Reduced Capability

The 3rd Generation Partnership Program (3GPP) is looking to provide a comprehensive upgrade for IoT systems that need more speed but not all the features of 5G. As such, the organization has approved a feature subset called 5G Reduced Capability (RedCap). It unlocks scalable and efficient 5G IoT connectivity for enterprises by using a simplified radio design and modem architecture.

3GPP's Release 17 feature list included the following:

The IoT Future

3GPP developed RedCap to provide a viable option for enterprises seeking a higher-performance, feature-rich 5G alternative to traditional IoT connectivity options such as low-power WANs (LPWANs). LPWANs are traditionally used to transmit limited data over low-speed cellular links at a low cost.

In contrast, RedCap offers moderate bandwidth and enhanced features for more demanding use cases, such as video surveillance cameras, industrial control systems in manufacturing and smart building infrastructure. These capabilities make RedCap a compelling option for enterprises with IoT deployments that exceed LPWAN capabilities but don't warrant the expense and complexity of full 5G implementation.

From a security standpoint, RedCap inherits strong capabilities in 5G, such as authentication, encryption and integrity protection. It can also be supplemented at application and device levels for a multilayered security approach.

The next version of 5G, Release 18, is expected to help drive 5G to the predicted IoT masses with improved positioning capabilities, AI and machine learning integration, and enhanced power saving features.