The expansion of the Internet of things promises new, previously unimaginable horizons. In our personal lives, the IoT is bringing convenience, labor-saving home appliances, and optimized management of our environment and leisure time. For businesses, the IoT is an opportunity to push boundaries of innovation and service delivery, raising customer satisfaction and revenues at the same time. Yet it has a disturbing side too…
Internet of Things and Security
The IoT is effectively a global network composed of millions of independent devices, each of which may hop on or off at any time, and none of which are subject to centralized control. It’s easy to imagine, then, that businesses face serious threats from IoT security breaches. However, many organizations might not appreciate the true extent of the risk, or the fact that the Internet of Things and security go hand in hand.
IoT Security Threats
In research carried out in 20181, California-based operational technology security firm 802 Secure made an alarming discovery. Every single enterprise that took part in their survey found what Comarch IoT Consulting boss Radosław Kotewicz described2 as “rogue” wireless IoT devices communicating via their official systems, potentially providing a way in for cyber-criminals. Many of these connections were the result of employees, contractors and visitors using everyday devices such as fitness trackers and digital assistants, all entirely without malicious intent. But that’s not all; IoT-enabled devices such as vending machines – effectively “authorized” by companies but not under the control of their IT systems – also formed part of this “shadow” IoT.
IoT Security Technologies to Mitigate Threats
Traditional security measures can’t handle such threats, often because they simply can’t “see” this shadow IoT. Failure to address this issue, though, could prove extremely costly, with companies facing data theft, damage to reputation, and ultimately loss of revenue or even total collapse. So how best can organizations mitigate the risk?
IoT security threats can first be addressed by carrying out a full evaluation of potential weak points. Companies need to know exactly where they might be most at risk, as well as composing a comprehensive database of IoT devices with associated threat levels. This kind of assessment won’t work unless it embraces the entire organization, so every department, every individual employee, will need to be involved to some extent.
Once an organization has a clear picture of how and where it is exposed to attack, it can deploy IoT security technologies for robust defense. Any system that is implemented must work seamlessly between business units, and be capable of integrating with all existing security measures. It must also be able to identify suspect IoT devices automatically, and carry out pre-defined actions to deal with them.
If such measures sound daunting, just consider the potential consequences of failing to take IoT security seriously. It’s worth noting, too, that companies might not need to wait too long to see a return on their high-level security investment; research by consultants at Bain & Company found that such improvements can actually drive IoT success, as they raise confidence among purchasers.
1. Source: 802 Secure, Inc: 802 Secure Shares IoT Threat Research at Internet of Things World 2018, Santa Clara, 2018
2. Source: TheFastMode: Enterprises Need To Focus On IoT Security, 2019