IoT Security needs to keep pace with the billions of devices being connected
IoT security must evolve rapidly just look at the magnitude. Let’s start with the numbers…
IoT Security is perhaps the most oft-mentioned impediment to the development of IoT. Critics say security is being almost totally neglected and that IoT purveyors and developers seem to have learned nothing from the preceding iterations of consumer Information Technology. Both the PC and smartphone worlds at first neglected security but were eventually jerked into action after multiple breaches and rising consumer outrage. Today, with both the issues and the ameliorating security processes well understood, say the critics, it’s incredible that the IoT world seems to be walking into the same trap having apparently learnt nothing.
IoT security is crucial because of what companies are doing with this technology trend. IoT is revolutionizing the global supply chain. Shippers are deploying active tracking devices on cargo containers to monitor shipments in real time. Manufactures are placing temperature sensors on finished products to ensure food and pharmaceuticals are always stored at the right temperatures. IoT sensors are making sure packages arrive on time, and without damage. Factories are employing IoT to automate intelligent thermostats, improve security systems, and control equipment settings and process workflow to optimize performance. And, manufacturers are adding IoT to their products so they can update and trouble check systems on the fly.
Glen Gilmore, an attorney and author who is an instructor with Rutgers Business School-Executive Programs, where he has created instruction in digital marketing, crisis communications and supply chain management, warns “regulatory and law enforcement authorities are issuing new warnings about the vulnerabilities of such technologies to hacking.”
As the use of IoT flows throughout the supply chain, it opens up a flood of security risks; vulnerabilities many companies fail to consider beforehand. “It’s very easy to get swept up in the hype and get into IoT without really thinking it through,” stresses Hampshire.
As IoT devices and applications evolve, so must cybersecurity policies and practices. “We must recognize that the Internet of Everything [another term for IoT], introduces the potential for the hacking of everything,” Gilmore stresses. “IoT may be the weakest link in breaking into an enterprise digitally because businesses fail to recognize the risks of using smart devices. Every organization should be devoting resources to figuring out how to ensure IoT is not the weakest link in the cybersecurity chain.’
The Internet of Things is a term coined by Kevin Ashton, a British technology pioneer who co-founded the Auto-ID Center at the Massachusetts Institute of Technology. Loosely defined, it is a network of physical objects embedded with electronics, software, sensors and network connectivity, which enables these objects to collect and exchange data, often through the Internet.
The first step toward minimizing IOT-related cybersecurity risks is closing backdoor access by understanding every device’s inherent vulnerabilities and their outgoing and incoming links to other systems.
IoT has four major building blocks,
- Hardware (physical devices with IoT installed);
- Communication (where the data are transported);
- The software backend (where data are managed);
- Applications (where data are turned into value).
“Security is a must-have element for all of these building blocks,” states the white paper sponsored by IoT Analytics, a Hamburg, Germany-based provider of market insights for the IoT. A security breach can happen in any of these areas.
It’s also important to assign an employee or team of employees to track IoT security issues. This person or team should be responsible for considering the IoT security practices of business partners as well.
Finally, companies should plan and rehearse their response to a significant data breach. Enterprises, both large and small, must plan for a cyber-attack and consider what this might encompass based on the IoT devices they are using. This crisis planning should detail the actions the organization will take if there is a breach of consumer data as well as what would occur if a cyber-attack disrupts its operations and/or the operations of its consumers or partners.