Have you given much thought to how the Internet of Things (IoT) is affecting your overall security? If not, it might be time to consider an IoT section to your cybersecurity policy.
As Steve Durbin, managing director of the Information Security Forum, said to me in an email conversation:
IoT holds the potential to empower and advance nearly each and every individual and business. In today’s global society, the average consumer is always on and always getting data sources from a variety of different sources. This is the heart of the IoT. Everything is connected and speaking to each other. For example: warming our cars on a cold morning, regulating thermostats in our homes or determining what your husband took from the refrigerator while watching a ballgame, will all be carried out from mobile devices. . . . The rise of objects that connect themselves to the Internet is releasing an outpouring of new opportunities for data gathering, predictive analytics and IT automation.
At the same time, he added, the devices that make up the IoT have so much information stored on them that they are increasingly becoming prime targets for hackers, and these devices are already a very weak link in the security chain.
Durbin isn’t the only one who is warning about the risks with the IoT. In a CRN article, James Lyne, global head of security and research at Sophos, said that the IoT may be our greatest security threat, especially moving forward. The article pointed out:
The interconnected devices that are automating so many consumer and business tasks will present hackers with nearly unlimited numbers of vulnerable targets. . . . From networked power switches in our homes to CCTV systems streaming video of stores and schools, these "smart" devices are being sold with astonishingly outdated security, Lyne said.
The industry you are in may be coloring your views of the IoT and security, a recent Tripwire study found. For example, an eWeek story, discussing how the IoT could affect security budgets, pointed out:
Only 25 percent of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices, and 59 percent of financial respondents and 52 percent of energy respondents expected to receive additional budget.
Not surprising, the article went on to show that those in the retail industry are much less concerned about IoT security than their peers in the financial industry. The article explains why the retail industry should take heed of the security surrounding the IoT, and I agree with the premise. At the same time, it shouldn’t stop at the retail industry. The IoT is going to be a major player in the way all industries approach security in the not-so-distant future, and at this point in the security game, there is no reason why anyone shouldn’t be prepared.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba