Cyber security is a hot topic throughout the digital world. It’s no longer enough to make sure our houses and possessions are adequately protected: our digital assets are equally vulnerable – if not more so. Nowhere is this truer than in the arena of the Internet of Things (IoT).
The IoT is at least as high on the list of topical concerns as cyber security. Everything that is capable of being digitally connected – from your toothbrush and fridge to the large scale systems and devices used in industry – can be part of the IoT. And that is where the problems can start. If a device is digitally connected, then it immediately offers an entry point to a vast network for those whose motives are far from pure. It can be far easier for the cyber criminal to use the equivalent of a tiny window to infiltrate a network rather than having to break down the front door.
A recently study by the IBM Institute for Business Value – “The Internet of Threats: Securing the Internet of Things for industrial and utility customers” – makes alarming reading. Failure to adequately protect IoT devices against digital threats is hardly a new topic – it’s long been appreciated that manufacturers have rushed to bring out IoT devices with clever features without giving enough consideration to the security implications that should attach.
The study found that only 10 percent of the companies it surveyed were continuously monitoring their IoT traffic to find anomalies and assess vulnerabilities. For industry, that’s a worrying state of affairs. In addition, it found a “limited awareness of IoT security”. The report’s authors go on to say: “An incomplete understanding of the risks posed by IoT deployments, coupled with a lack of a formal IoT security program contributes to the gap between IoT adoption and the capabilities in place to secure it. IT-centric security frameworks and organisational structure are often not adequate to address reliability and predictability needs of always-on IoT equipment”. The situation is not helped by tardiness in the development of standards for IoT security.
While most companies are not actively monitoring and assessing their networks, 45 percent of those surveyed had purchased insurance. Although this may pay to rebuild a network after a security breach, no insurance policy can cover the costs of repairing the reputational damage that will be caused by a serious breach. Companies can take years to rebuild trust after such an event or may even fold under the strain.
Just 14 percent of the companies surveyed perform cybersecurity breach simulations to prepare an effective response to cyber attacks, while only 16 percent actively pursue strategies to increase employee visibility into IoT security operations. The report’s authors comment that “the lack of skilled resources is the greatest challenge to securing IoT deployments”.
Often companies enter into IoT development for their business by the relatively simple process of implementing a wireless interface to enable over-the-air (OTA) programming and functionality. This is then frequently followed by the establishment of a cloud-based infrastructure to allow data to be collected from a variety of devices in the field. Establishment of the interface and infrastructure immediately provides a range of gateways that can be exploited by hackers and cyber criminals.
Security has to be uppermost in companies’ minds as they embark on the process of digitally-enabling their business. It’s equally important to consider as they complete their preparations for compliance with general data protection regulation (GDPR). Help on both topics is available for free through a book that covers all the key aspects. It’s available from: or can be supplied in paper format.
The IBM report likens companies’ approach to IoT security to “building a plane while flying it”. Insurance will never fully cover the cost of that plane falling out of the sky. Better by far to be proactive about building in security to all aspects of your own company’s business.