Cybersecurity in the Era of the Internet of Things
By Steve Durbin, MD, Information Security Forum
Cyber-attacks become more innovative and sophisticated with each passing day. Unfortunately, while businesses are developing new security mechanisms, cybercriminals are developing new techniques to evade them. At the same time, as cyber-attacks have grown in sophistication, so has our dependence on the Internet and technology.
The Internet of Things (IoT) holds the potential to empower and advance nearly each and every individual and business. In today’s fully-connected, global society, we’re always on and always getting information from a variety of different sources. This is the heart of the IoT. Everything is connected and speaking to each other.
In the years to come, IoT devices will help businesses track remote assets and integrate them into new and existing processes. They will also provide real-time information on asset status, location and functionality that will improve asset utilization and productivity and aid decision making. But the security threats of the IoT are broad and potentially devastating. Organizations must ensure that technology for both consumers and companies adheres to high standards of safety and security.
Dealing with the IoT at Home and Work
With the growth of the IoT, we’re seeing the creation of tremendous opportunities for enterprises to develop new services and products that will offer increased convenience and satisfaction to their consumers. The rise of objects that connect themselves to the Internet is releasing an outpouring of new opportunities for data gathering, predictive analytics and IT automation.
Smartphones will be the motherboard for the IoT, creating a prime target for malicious actors. Unauthorized users will target and siphon sensitive information from these devices via insecure mobile applications. The level of hyperconnectivity means that access to one application on the smartphone can mean access to all of a user’s connected devices.
The rapid uptake of Bring Your Own Device (BYOD) and the introduction of wearable devices in the workplace are increasing an already high demand for mobile applications for both work and home. To meet this increased demand, developers working under intense pressure, and on paper-thin profit margins, are sacrificing security and thorough testing in favor of speed of delivery and the lowest cost. This will result in poor quality products that can be more easily hijacked by criminals or hacktivists.
The information that individuals store on mobile devices already makes them attractive targets for hackers, specifically “for fun” hackers, and criminals. At the same time, the number of applications people download to their personal
grow. But do the applications access more information than necessary and perform as expected? In the worst-case scenario, applications can be infected with malware that steals the user’s information – tens of thousands of smartphones are thought to be infected with one particular type of malware alone. This will only worsen as hackers and malware providers switch their attention to the hyper-connected landscape of mobile devices.
Privacy and Regulation
Just as privacy has developed into a highly regulated discipline, the same will happen for data breaches sourced in the IoT environment. Fines for data breaches will increase. As more regulators wake up to the potential for insecure storage and processing of information, they will demand more transparency from organizations and impose even bigger fines.
Organizations that get on the front foot now and prepare for stricter data breach laws with bigger fines for non-compliance will find themselves ahead of the curve and in customers’ good graces. They’ll also make better business decisions along the way.
Great Potential Equals Great Risk
The IoT has great potential for consumers as well as for businesses. While the IoT is still in its infancy, we have a chance to build in new approaches to security if we start preparing now. Security teams should take the initiative to research security best practices to secure these emerging devices, and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.
Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those who do not closely monitor the growth of the IoT may find themselves on the outside looking in.