Australian and New Zealander companies are rushing to tap internet of things (IoT) devices for post-COVID digital transformation. But most ANZ companies must double down on IoT security\u2014or risk compromising the very digital-transformation initiatives they are trying so hard to fast-track.Predictions of strong growth come from recognition that \u201cIoT-based use cases can assist in delivering remote and distributed operations across the enterprise,\u201d IDC said in a recent report, with a prediction that ANZ companies\u2019 IoT spending will recover from a COVID-19 slump this year and grow by 9.5% annually through 2025.Strong expenditures across manufacturing, utilities, and transportation would continue to drive over half of overall IoT spending, IDC predicted, with the construction and utilities sectors leading the growth in 2021. Key use cases include manufacturing operations, production asset management, electricity smart grids, and freight monitoring. Software such as IoT management applications and analytics software will be the fastest-growing sectors in the IoT segment.\u201cOther than cloud and AI\/machine learning, IoT or industrial IoT is one of the top three technologies which will enable remote operations for enterprises, thereby improving productivity during these challenging times,\u201d IDC market analyst Sharad Kotagi noted in the report.More IoT means more security riskYet as companies extend the interconnectedness of their organisations, a large and growing body of evidence suggests their cybersecurity exposure will also continue to grow.The pandemic-driven explosion in remote work was a dry run, cloud-security firm Zscaler found in a new study that analysed 300,000 IoT-specific malware attacks blocked by the company\u2019s platform over the course of just two weeks in December 2020.Manufacturing and retail-industry devices accounted for 59% of the 575 million device transactions analysed by Zscaler, which found a wide range of 3D printers, geolocation trackers, data-collection terminals, and payment terminals, among others, were flooding corporate networks with data.Despite their mission-critical nature, 76% of the monitored IoT devices were sending their data in plain text \u2013 \u201cmeaning,\u201d said Zscaler CISO Deepen Desai, \u201cthat a majority of IoT transactions pose great risk to the business.\u201dAs industrial IoT (IIoT) devices are increasingly added to the mix by companies seeking to automate operational technology (OT) processes, that risk will rapidly be extended to new business domains\u2014creating new risk from promising but insecure technologies that are often being rolled out without overarching security and management oversight.IoT-related vulnerabilities in the critical manufacturing sector grew by 148% in the first half of 2021 alone, according to a recent Nozomi Networks IoT security report that also identified a 44% spike in ICS-CERT vulnerabilities this year.Vulnerabilities in software supply chains, such as those that enabled the compromise of SolarWinds and Kaseya enterprise applications, were continuing to emerge, the report noted, and insecure IoT security cameras are continuing to surge \u201cat an alarming rate\u201d.\u201cAs industrial organisations embrace digital transformation, those with a wait and see mindset are learning the hard way that they weren\u2019t prepared for an attack,\u201d said Nozomi CEO Edgard Capdevielle in the report. \u201cWe encourage organisations to adopt a postbreach mindset prebreach, and strengthen their security and operational resiliency before it\u2019s too late.\u201dA long road to secure IoTThe suggestion that businesses are unprepared for IoT-based attacks comes as no surprise given the results of a recent Fortinet report, in which 71% of surveyed ANZ businesses surveyed admit feeling unprepared for a cyberattack.Indeed, fully two-thirds of Australian businesses admitted that a cybersecurity breach would either create significant costs for the business or end it completely.Analyst firm Gartner has gone a step further, recently predicting that by 2025 cybercriminals will have used IoT breaches to \u201cweaponise\u201d OT environments to the point where a human being is harmed or even killed.Companies with large numbers of assets \u201cstruggle to define appropriate control frameworks,\u201d said Gartner senior research director Wam Voster in the report, noting that risk-management leaders in companies running operational environments \u201cshould be more concerned about real world hazards to humans and the environment\u201d than just theft of their data.A range of efforts have sought to define appropriate control frameworks for OT environments. In those environments, the growing number of IoT devices will be a key confounder as surging numbers continue to challenge control capabilities.Australia\u2019s Therapeutic Goods Administration, for example, has published cybersecurity guidelines for medical devices and in May 2021 offered guidance for IoT and other equipment manufacturers around their regulation.Aiming to help customers manage the exposure being created by growing IoT use within OT environments, recent months have seen IoT-focused security capabilities from vendors like BlackBerry\u2014which in July 2021 launched the upgraded Jarvis 2.0 platform to find and fix vulnerabilities in embedded systems\u2014and Malcolm Turnbull-backed industrial cybersecurity consultancy Dragos, which this year expanded into the ANZ market and recently added vulnerability management to its asset visibility and security platform.Sector-specific offerings are likely to continue bulking out their features as they seek to close functional gaps and maintain suitable control over the IoT explosion.An appropriate OT security framework must ultimately address 10 elements, Gartner said, including roles and responsibilities, training, incident response, asset inventory, log collection and detection, and secure configuration.Industry groups like the IoT Alliance Australia are also engaged, continuing to work with peers such as the Industrial Internet Consortium to shepherd industry towards better security with a high-level approach that also ties into overall organisational objectives like the UN Sustainable Development Goals effort.Maintaining effective security, and tying it in with overall corporate transformation objectives, will remain crucial as ANZ companies continue to tap IoT in the quest to reinvent themselves for the new normal.