YOU ARE AT:Analyst AngleAnalyst Angle: Security and the 'Internet of Things'

Analyst Angle: Security and the 'Internet of Things'

Editor’s Note: Welcome to our weekly feature, Analyst Angle. We’ve collected a group of the industry’s leading analysts to give their outlook on the hot topics in the wireless industry.
Cyber-attacks continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cyber-criminals are cultivating new techniques to circumvent them. Sophistication of cyber-attacks has grown along with our dependence on the Internet and technology.
The “Internet of things”

The day when practically every electronic device will be connected to the Internet is not that far away. According to Cisco, there are approximately 15 billion connected devices worldwide and Dell forecasts that we may see upwards 70 billion connected devices by 2020 – meaning 10 devices per human, talking to each other and sending out messages.
The Internet of things sensation holds the potential to empower and advance nearly each and every individual and business. In today’s global society, we’re always on and we’re always getting data from a variety of different sources. This is the heart of the IoT. Everything is connected and speaking to each other. Warming our cars on a cold morning, regulating thermostats in our homes and determining what your husband took from the refrigerator during his midnight snack, will all be carried out from mobile devices.
Moving forward, IoT devices will help businesses track remote assets and integrate them into new and existing processes. They will also provide real-time information on asset status, location and functionality that will improve asset utilization and productivity and aid decision making. But, the security threats of the IoT are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adheres to high standards of safety and security.
The IoT at home … and at work
With the growth of the IoT, we’re seeing the creation of tremendous opportunities for enterprises to develop new services and products that will offer increased convenience and satisfaction to their consumers. The rise of objects that connect themselves to the Internet is releasing an outpouring of new opportunities for data gathering, predictive analytics and IT automation.
The rapid uptake of “bring-your-own-device” is increasing an already high demand for mobile applications for both work and home. To meet this increased demand, developers working under intense pressure, and on paper-thin profit margins, are sacrificing security and thorough testing in favor of speed of delivery at the lowest cost. This will result in poor quality products that can be more easily hijacked by criminals or “hacktivists.”
Smartphones are already the control center for the IoT, creating a prime target for malicious actors. Unauthorized users will target and siphon sensitive information from these devices via insecure mobile applications. The level of hyper-connectivity means that access to one app on the smartphone can mean access to all of a user’s connected devices.
The information that individuals store on mobile devices already makes them attractive targets for hackers, specifically “for fun” hackers, and for criminals. At the same time the number of apps people download to their personal and work devices will continue to grow. But do the apps access more information than necessary and perform as expected?
Worst case scenario, apps can be infected with malware that steals the user’s information – tens of thousands of smartphones are thought to be infected with one particular type of malware alone. This will only worsen as hackers and malware providers switch their attention to the hyper-connected landscape of mobile devices.
Privacy and regulation
Just as privacy has developed into a highly regulated discipline, the same will happen for data breaches sourced in the IoT environment. Fines for data breaches will increase. As more regulators wake up to the potential for insecure storage and processing of information, they will demand more transparency from organizations and impose even bigger fines.
Organizations that get on the front foot now and prepare for stricter data breach laws with bigger fines for non-compliance will find themselves ahead of the curve and in customers’ good graces. They’ll also make better business decisions along the way.
Securing the supply chain
Security chiefs everywhere are concerned about how open their supply chains are to various risk factors. As one of the most collaborative environments in your organization, it inherently poses greater risks to the confidentiality, integrity and availability of corporate information. Mapping the flow of information and keeping an eye on key access points in order to continuously manage information security risks is an essential part of building a more resilient business.
The IoT will transform supply chain leaders’ access to information, and will expose more operations to cyber-risk. Organizations of all sizes need to think about the consequences of a supplier providing accidental, but harmful, access to their corporate information. Even the smallest supplier, or the slightest supply chain hiccup, can have dangerous impacts on your business. Brand management and brand reputation are subject to the successful security of your supply chain and thus both are constantly at stake. Businesses must focus fixes on the most vulnerable spots in their supply chain now, before hackers, or other cyber-criminals, find their way in to disrupt your global distribution of goods and services.
Secure the cloud. Secure your PII
The IoT loves the cloud. The primary way that many connected devices communicate is via the cloud. Organizations need to understand that putting private information into the cloud creates risk and must be understood and managed properly. Organizations may have little or no control over the movement of their information, as cloud services can be provided by multiple suppliers moving information between data centers scattered across the globe. In moving their sensitive data to the cloud, all organizations must know whether the information they are holding about an individual is personally identifiable information and therefore needs adequate protection.
Most governments have already created, or are in the process of creating, regulations that impose conditions on the safeguard and use of PII, with penalties for organizations who fail to sufficiently protect it. As a result, organizations need to treat privacy as both a compliance and business risk issue, in order to reduce regulatory sanctions and commercial impacts such as reputational damage and loss of customers due to privacy breaches. With increased legislation around data privacy, the rising threat of cyber theft and the simple requirement to be able to access your data when you need it, organizations need to know precisely to what extent they rely on cloud storage and computing.
With potential comes risk
Highly publicized data breaches, and more stringent regulation, have put the spotlight on cyber security in most organizations around the world. This has put immense pressure on executives to assure stakeholders that sensitive information is secure.
As discussed, the IoT has great potential for the consumer as well as for businesses. While the IoT is still in its infancy, we have a chance to build in new approaches to security if we start preparing now. Security teams should take the initiative to research security best practices to secure these emerging devices, and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.
Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those that do not closely monitor the growth of the IoT may find themselves on the outside looking in.
Steve Durbin is managing director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was SVP at Gartner.

ABOUT AUTHOR

Martha DeGrasse
Martha DeGrassehttp://www.nbreports.com
Martha DeGrasse is the publisher of Network Builder Reports (nbreports.com). At RCR, Martha authored more than 20 in-depth feature reports and more than 2,400 news articles. She also created the Mobile Minute and the 5 Things to Know Today series. Prior to joining RCR Wireless News, Martha produced business and technology news for CNN and Dow Jones in New York and managed the online editorial group at Hoover’s Online before taking a number of years off to be at home when her children were young. Martha is the board president of Austin's Trinity Center and is a member of the Women's Wireless Leadership Forum.