There is no doubt that the Internet of Things (IoT) can be of huge importance to enterprises, in order to increase productivity and efficiencies across a business.
However businesses also need to realise the risk which comes with these devices. It is stated there will be an estimated 20 billion connected devices by 2020, with many of these technologies leveraging the cloud and containing masses of confidential data, competitive intelligence and intellectual property traversing the on-site as well as off-site IT ecosystem. Two-thirds of enterprises are expected to experience IoT security breaches by 2018. By 2020, more than 25 percent of attacks could also be IoT-related. However IoT security accounts for only 10 percent of IT security budgets.
Cyber security cannot therefore not be overestimated as the IoT is critical to businesses of today. Cyber security strategists will need to adapt to accommodate the ever changing landscape of connected devices and the entirely new risk this could create.
With new IoT innovations emerging at a rapid rate, traditional cyber security frameworks in many cases are inadequate for the enterprise it is trying to protect. As IoT numbers increase as well as the complexity and advancement in tech, the legacy hardware, software and processes are unable to keep up, thus increasing the risk factor of IoT within businesses.
New business trends such as ‘Bring Your Own Device’ (BYOD) do not help the cause. Consider the already vast amount of sensored and internet-enabled devices operating and collecting data, from TV’s and appliances, to cameras, printers, scanners and more. All of these could be hacked, allowing hackers to steal confidential data. Personal mobile phones and tablets as well as other devices being brought into work only increases this risk.
In order for enterprises to begin the ‘fight back’, it is important they first understand the level of complexity presented by each IoT, based on three criteria: devices, ecosystems and use cases.
These devices typically produce no data, simply capturing information shared via WIFI. This includes heat or light sensors or popular fitness watches. Although quite simple, they still gather lots of specific data which should be monitored by the enterprise.
Devices which are ‘embedded’ and which contain sensors are considered moderate. This includes anything from lighting and heating systems to sliding doors. These specific units contain on-board controls which monitor and control activity whilst also producing data. These devices can prove extremely dangerous if unsecure. For example the heat being turned off in a hospital or lighting turned off on public transport.
Smart phones which possess sophisticated operating systems and various application capabilities are considered highly complex. Unfortunately, it is also easier for hackers to attach malware to these devices by detaching its operating system and access sensitive data.