Cybersecurity in the Era of the Internet of Things

Steve Durbin, MD, Information Security Forum
566
914
193

Steve Durbin, MD, Information Security Forum

Cybersecurity-attacks continue to become more innovative and sophisticated with each passing day. Unfortunately, while businesses are developing new security mechanisms, cybercriminals are developing new techniques to evade them. At the same time, along with the growth in the sophistication of cyber-attacks, so has our dependence on the Internet and technology.

The Internet of Things (IoT) holds the potential to empower and advance nearly each and every individual and business. In today’s fully-connected, global society, we’re always on and always getting information from a variety of different sources. This is the heart of the IoT. Everything is connected and speaking to each other.

In the years to come, IoT devices will help businesses track remote assets and integrate them into new and existing processes. They will also provide real-time information on asset status, location and functionality that will improve asset utilization and productivity and aid decision making. But, the security threats of the IoT are broad and potentially very devastating. The organizations must ensure that technology for both, consumers and companies, adhere to high standards of both safety and security.

Dealing with the IoT at Home and Work

With the growth of the IoT, we’re seeing the creation of tremendous opportunities for enterprises to develop new services and products that will offer increased convenience and satisfaction to their consumers. The rise of objects that connect themselves to the Internet is releasing an outpouring of new opportunities for data gathering, predictive analytics and IT automation.

Smartphones will be the motherboard for the IoT, creating a prime target for malicious actors. Unauthorized users will target and siphon sensitive information from these devices via insecure mobile applications. The level of hyperconnectivity means that access to one application on the smartphone can mean access to all of a user’s connected devices.

The rapid uptake of Bring Your Own Device (BYOD), and the introduction of wearable devices in the workplace, is increasing an already high demand for mobile applications for both work and home. To meet this increased demand, developers working under intense pressure, and on paper-thin profit margins, are sacrificing security and thorough testing in favor of speed of delivery and the lowest cost. This will result in poor quality products that can be more easily hijacked by criminals or hacktivists.

The information that individuals store on mobile devices already makes them attractive targets for hackers, specifically “for fun” hackers, and criminals. At the same time the amount of applications people download to their personal

grow. But do the applications access more information than necessary and perform as expected? Worst case scenario, applications can be infected with malware that steals the user’s information – tens of thousands of smartphones are thought to be infected with one particular type of malware alone. This will only worsen as hackers and malware providers switch their attention to the hyper-connected landscape of mobile devices.

Privacy and Regulation

Just as privacy has developed into a highly regulated discipline, the same will happen for data breaches sourced in the IoT environment. Fines for data breaches will increase. As more regulators wake up to the potential for insecure storage and processing of information, they will demand more transparency from organizations and impose even bigger fines.

Organizations that get on the front foot now and prepare for stricter data breach laws with bigger fines for non-compliance will find themselves ahead of the curve and in customers’ good graces. They’ll also make better business decisions along the way.

Great Potential Equals Great Risk

The IoT has great potential for consumers as well as for businesses. While the IoT is still in its infancy, we have a chance to build in new approaches to security if we start preparing now. Security teams should take the initiative to research security best practices to secure these emerging devices, and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.

Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those who do not closely monitor the growth of the IoT may find themselves on the outside looking in.

Read Also

To Connect or to Integrate: The Role of Informatics in the Lab

Ashu Singhal is the Co-Founder and CTO of Benchling

Anatomy of a Software Development Deal

Nathan E. Oleen, Partner, Husch Blackwell

Data & Analytics = Big Potential

Juan FGorricho, Chief Data and Analytics Officer for Partners Fede, The Walt Disney Company

Technology to Leverage and Enable

Dave Kipe, SVP, Global Operations, Scholastic Inc.