Internet of Things Security
The Internet of Things (IoT) is rapidly becoming a part of many of our business processes, often without us even noticing how quickly things are changing. And while it’s liberating to realize that many of the more flawed or tedious processes will be automated and streamlined, freeing up thousands of man hours, the danger is that organizations can lose track of how vulnerable they are to cyberattacks as the points of contact to the internet multiply.
There are a number of questions which must be asked and answered to ensure security, according to a new report from AT&T entitled:
“The CEO’s Guide to Securing the Internet of Things,” its second Cybersecurity Insights report.
This new connected era requires that a company assesses the risks faced, that it secures not only its information but the devices processing that information as well, that it aligns the IOT strategy and security, and defines the legal and regulatory issues at hand.
The scale of the change which is coming is worth looking at in detail, to reinforce the scale of the change and how vital it is to adapt. Chances are that if your company is not already plugged into the IoT, then your competitors and your partners probably are, and that you will need to be in the next few years. 85% of the organizations interviewed are “considering, exploring, or implementing an IoT strategy.” One third of companies claim to already have over 5, 000 connected devices but worryingly, “88% of organizations lack confidence in the security of their business partners connected devices.” Estimates vary, but experts agree that there will be between 30 billion and 50 billion connected devices by the year 2020.
The upside is tremendous. New revenue models and streams from new products that are transforming homes, vehicles and offices are being developed every day, while huge cost savings are being achieved through better monitoring and efficiency of business processes.
Yet all that will count for very little in the face of a massive security breach which could potentially cost a company millions of dollars, as well as the trust of its customers and businesses partners. Jason Porter, AT&T’s Vice-President of Security Solutions believes that “organizations need to infuse security expertise early into the process so that IoT is architected for security.”
The good news is that companies are becoming ever more aware of the threats. Two-thirds of respondents to the survey are planning to invest in IoT security in 2016, and half of them are dedicating at least 25% of their budget to the problem. And there is already a real urgency to it. AT&T’s Security Operations Centre has logged a 458% increase in vulnerability scans of devices connected to the Internet of Things.
The consequences of a cyberattack via the Internet of Things could be devastating. If one imagines the mission-critical systems of a self-driving car or an airplane being controlled by hackers, one gets a sense of how badly things can go wrong. Yet there are thousands of less high-profile cases that can wreak havoc. The report mentions “threat scenarios where IoT-connected robots or other remotely actuated machines are compromised, potentially resulting in manufacturing errors, equipment or parts damage, or even employee harm.”
So how do you create a strategic and proactive security approach to counter these threats? Taking a broad overview, the key is to build IoT security in at the ground floor. A comprehensive risk assessment which incorporates IoT into your general risk profile is a necessary start. This should be done by running a thorough audit of each and every connected device, as well as the communication protocols, networks and applications. You must assess the Vulnerabilities of each element of the IoT mix and map out a worst-case scenario so that everyone is keenly aware of the ramifications of a breach or a malfunction. Try and minimize the exposure of your most critical functions to IoT devices.
Secondly, realise that perhaps it’s not your information that is the primary concern. Perhaps it’s the devices themselves. “By definition, IoT devices don’t just generate data, but also interact in new ways with the physical world, such as controlling the flow of water or electricity. As a result, you must consider operational security threats, as well as information security concerns.”
Supporting The Chief Security Officer
The internal attitudes of your company towards security are hugely important. When an organization’s board is clearly and publicly committed to security, then there is a general understanding and alignment of forces to create a safe and secure environment. Clear lines of responsibility, consistent systems and a culture that prizes security are invaluable assets to your organization. Consider placing the Chief Security Officer on the board as a show of support and faith in the systems.
Finally, it’s vital that your company understands its legal and regulatory requirements and exposures. The report states that “Beyond information thefts or breaches, the physical and operational parameters of IoT devices can open new types of corporate responsibility and liability,” and that the “The use of multiple vendors in most IoT deployments requires that you assess their level of IoT security.”
The Internet of Things is new, exciting and brimming with potential as well as threats. While it can feel overwhelming, it’s critical to not wait until it’s too late to start looking at security. By implementing these four steps, your organization will be set to thrive in this brave new connected world.
Read the full report here
This post is sponsored by AT&T Security
By Jeremy Daniel