The Internet of Things Means Innovation… and Higher Security than ever Before

The expansion of the Internet of things promises new, previously unimaginable horizons. In our personal lives, the IoT is bringing convenience, labor-saving home appliances, and optimized management of our environment and leisure time. For businesses, the IoT is an opportunity to push boundaries of innovation and service delivery, raising customer satisfaction and revenues at the same time. Yet it has a disturbing side too…

IoT Security Threats

The IoT is effectively a global network composed of millions of independent devices, each of which may hop on or off at any time, and none of which are subject to centralized control. It’s easy to imagine, then, that businesses face serious threats from IoT security breaches. However, many organizations might not appreciate the true extent of the risk, or the fact that the Internet of Things and security go hand in hand.

In research carried out in 20181, California-based operational technology security firm 802 Secure made an alarming discovery. Every single enterprise that took part in their survey found what Comarch IoT Consulting boss Radosław Kotewicz described2 as “rogue” wireless IoT devices communicating via their official systems, potentially providing a way in for cyber-criminals. Many of these connections were the result of employees, contractors and visitors using everyday devices such as fitness trackers and digital assistants, all entirely without malicious intent. But that’s not all; IoT-enabled devices such as vending machines – effectively “authorized” by companies but not under the control of their IT systems – also formed part of this “shadow” IoT.

IoT Security Technologies to Mitigate Threats

Traditional security measures can’t handle such threats, often because they simply can’t “see” this shadow IoT. Failure to address this issue, though, could prove extremely costly, with companies facing data theft, damage to reputation, and ultimately loss of revenue or even total collapse. So how best can organizations mitigate the risk?

IoT security threats can first be addressed by carrying out a full evaluation of potential weak points. Companies need to know exactly where they might be most at risk, as well as composing a comprehensive database of IoT devices with associated threat levels. This kind of assessment won’t work unless it embraces the entire organization, so every department, every individual employee, will need to be involved to some extent.

Once an organization has a clear picture of how and where it is exposed to attack, it can deploy IoT security technologies for robust defence. Any system that is implemented must work seamlessly between business units, and be capable of integrating with all existing security measures. It must also be able to identify suspect IoT devices automatically, and carry out pre-defined actions to deal with them.

If such measures sound daunting, just consider the potential consequences of failing to take IoT security seriously. It’s worth noting, too, that companies might not need to wait too long to see a return on their high-level security investment; research by consultants at Bain & Company found that such improvements can actually drive IoT success, as they raise confidence among purchasers.

 

1. Source: 802 Secure, Inc: 802 Secure Shares IoT Threat Research at Internet of Things World 2018, Santa Clara, 2018

2. Source: TheFastMode: Enterprises Need To Focus On IoT Security, 2019

Author

Radosław Kotewicz

Head of Comarch IoT Consulting

He has been working at Comarch for over 12 years, and since 2016 he has actively supported the development of IoT products and solutions. He has wide experience in the broad area of developing embedded systems, from design and testing to project management. He is also a member of the IoT Development Group at the Ministry of Digital Affairs.

Comments

Add comment

Please wait