Cybersecurity & the Internet of Things: How Enterprises Can Reduce IoT Risks
:: By Vinod Subramanyam, Brillio ::
Imagine manufacturing machinery that orders supplies before they run out, without human intervention. Cars that notify insurance companies the moment an accident occurs. Smart agricultural equipment that monitors soil moisture, helping farmers make better irrigation decisions.
These are just a few examples of how the Internet of Things (IoT) can penetrate business. The burgeoning technology is revolutionizing processes across industries, from healthcare to finance.
Some uses are industry-specific, while other universally applicable. Take, for example, workforce management. Whether for a team of 10 or 10,000, IoT technology can streamline how companies manage their employees. Logging in and out manually—at the start of a shift, at the close, when taking breaks—is cumbersome and time-consuming, with high chance of misreporting.
IoT offers a simple solution: a sensory system that records attendance as employees pass through the front door. The experience is seamless. It’s less hassle for the team and puts valuable data directly in supervisors’ hands—potentially revealing opportunities to boost productivity.
Growing Adoption, Growing Risk
IoT is radically changing how companies do business. And as the technology evolves, adoption is skyrocketing.
Morgan Stanley data suggests connected devices will number over 75 billion by 2020. This year alone, U.S. organizations have invested $232 billion in IoT technology, and McKinsey predicts an economic value of $11 trillion by 2025.
With such remarkable figures, it’s no surprise that major players like Microsoft and IBM are scrambling to establish authority in this emerging space. But as tech giants pour money into building a connected future, enterprises must tackle increasing complex security and privacy issues.
When implemented correctly, IoT brings major business benefits, including increased productivity and new competitive advantages. But the technology creates billions of new network end points that are at risk of cyberattacks. While computers, smartphones, and tablets are routinely secured with anti-virus and anti-malware protection, many IoT devices are not yet cover by similar security systems—leaving they vulnerable to attack.
Real Risks for Data & Security
With more devices on one network, data risks are very real. And the rapid expansion of IoT has prompted an explosion in the hacker landscape.
Data security breaches can wreak havoc on your business. Losing customer data to hackers brings bad press that could be difficult to recover from, and IoT also risks the exposure of operational data. In the wrong hands, this sensitive data could be manipulated for competitive gain.
Assessing Your Business Risks
While risk scenarios vary based on industry and service, they broadly fall under three categories: business, technology, and operations. Each comes with unique considerations to scrutinize when establishing a risk management plan.
Business-related risks can effect regulatory compliance, privacy, and health and safety. To weigh up the potential impact, consider how IoT will affect your current business processes—both negatively and positively. What are the threats posed by each device? Map out and evaluate each risk scenario, and anticipate their effect on your business.
The technology you choose brings risks related to functionality, shadow usage, and operational data exposure. Businesses can reduce potential risks by limiting access to devices and data, and establishing systems to track how individuals use that data.
When assessing operational threats, consider platform standardization, device vulnerabilities and management, and data protocol risks. Work out processes ahead of time. Before implementing any IoT program, determine how you’ll be collecting data, and what type of personal information will be collected, stored, and processed.
Stay Ahead of the Hackers
The more data being sent on a network, the higher the risk of exposure. But following a few best practices can help to counteract IoT risks.
Business must have complete visibility of traffic and how data is secured. Start with a comprehensive risk management plan that evaluates high impact threats and maps out a clear procedure for dealing with security breaches. This plan should scope out all security elements from inception right through to implementation.
Making the right technology choice is crucial: think long-term. The technology must fit into your extended roadmap and be versatile enough to adapt to inevitable strategy shifts as your IoT solution evolves. This is the time to investigate where integration points link to existing security and operational procedures—places that are often present vulnerabilities in your system.
Finally, take the time to communicate with employees and engage them in the implementation process. Lay out the vision for IoT within enterprise early on. When you make IoT a shared initiative—by clearly communicating benefits, risks, and ways the team can contribute to cybersecurity efforts—you can greatly reduce the chance of a breach.
The risks that come with IoT solutions are very real, but so are the considerable rewards. While wading through cybersecurity issues, don’t lose sight of the value of IoT implementation. The benefits are tremendous—as long as you take the right preparations to limit the risks first.
Vinod Subramanyam is the associate vice president of testing and applications at Brillio.