The Internet of Things brings a lot to the table when it comes to the enterprise: New workflows. New revenue streams. Greater convenience. But also a host of glaring security issues. IoT is a cybersecurity trainwreck and it’s not getting better. Here’s how to protect yourself.
I’m going to be blunt. The Internet of Things (IoT), for all the good it does, is a cybersecurity nightmare often involving vendors more interested in their bottom line than in developing and releasing hardened products.
Certainly, there are exceptions. But for the most part, connected devices, especially those outside the enterprise, are not developed with security as a core driver. To some extent, this is understandable.
Most IoT vendors are not technology companies. To them, cybersecurity involves networks and desktops, smartphones, and business software. It’s the domain of the IT department and not something they’ve really had to concern themselves with.
Even businesses that understand cybersecurity are basically flying blind where IoT is concerned.
“One of the most common threads with [IoT companies] is the desire to focus on outcomes rather than being proactive about the threats they are facing,” explains Moor Insights and Strategy Senior Analyst Chris Wilder. “Most security organizations naturally focus on the process of cybersecurity, meaning they check the box from a process and regulatory perspective while not preparing for the real-world practice of cybersecurity. From an IoT perspective, cyber-process is mostly an exercise in cyber-ignorance.”
So what can you do? What’s involved in mitigating the risks represented by IoT? How exactly can you keep your data safe in the face of one of the largest, most poorly-secured threat surfaces in history?
- Establish a guest network for consumer IoT devices. Does your office have a smart fridge or coffee machine? Keep it as far away from your corporate network as possible. All consumer smart devices, no matter what they are, should be connected to their own network, isolated from corporate infrastructure.
- Balance risk management with innovation. Where IoT is concerned, you cannot forge blindly ahead, but neither can you sit on your heels and stagnate. As noted by Deloitte, risk management and innovation must be in harmony with one another. Your executives must engage with both their employees and one another to ensure there’s strong oversight on new business initiatives, but also that those initiatives are able to proceed without hindrance.
- Be careful blending IoT with existing systems. Layering new technology on top of legacy architecture might as well be an enterprise tradition. In an IoT era, however, it’s a huge risk. Old security standards and processes are ill-suited for a hyperconnected world; authentication, endpoint management, and network security must all be updated if you’re to embrace IoT.
- Effective IoT security is impossible if your organization takes a siloed approach to technology. Just as the Internet of Things shares data across a vast network of distributed devices, so too must information and intelligence be shared openly across your organization.
- Understand the threats you face. What will your systems do in the midst of a cyberattack? What is your business’s unique threat profile, and your industry’s unique threat landscape? What weaknesses exist in your current security posture? These are all questions you must answer – and as soon as possible.
- Focus on your people. Even in the face of IoT, your employees remain the greatest security risk in your organization. Bear that in mind. Employee training is more critical than ever, as is engaging with staff to ensure their needs are not being ignored when implementing new security solutions.
IoT is unprecedented from both a cybersecurity and a business perspective. On the one hand, never before has there been a technology with greater capacity for innovation and evolution. On the other, this technology has some glaring security risks.
I have no doubt that, moving forward, we’ll eventually address those risks. But until we do, it’s up to each of us to be diligent, aware, and cautious.