The State of Security on the Internet of Things
Most IT organizations are not doing much to protect networked computing devices.
While there's a lot of activity surrounding the security of traditional servers and desktop systems, it's becoming clear that as the volume of devices connected to the Internet continues to explode, the nature of the security threat is rapidly changing.
Unfortunately, a new survey of 15,000 IT and security professionals conducted by Mocana, a provider of security software for embedded systems, finds that while most IT organizations are more aware of the potential threat posed by embedded systems, including smartphones and tablet PCs, very few are being proactive about securing these devices.
Recent high-profile digital attacks on physical infrastructure, such as Stuxnet, have put a spotlight on the potential problem. But until there are more attacks closer to home, Kurt Stammberger, Mocana vice president of marketing, says that a certain amount of complacency has set in in terms of securing embedded systems, even though there are more of these devices connected to the Internet than all the traditional servers and PC clients combined. In fact, there are more of those systems than there are smartphones connected to the Internet.
The vast majority of people responding to the Mocana survey agree that it's only a matter of time before these systems are compromised in some significant way. Right now, the easiest targets for malware are Web applications. But as those applications become more secure, the purveyors of malware will start to look for the next easiest unsecured entrance into the enterprise. And Stammberger says that more than likely that doorway is going to be through some embedded systems on the "Internet of Things" that no one is really doing much to secure.
You can probably imagine the general level of collective embarrassment that will occur once these attacks begin and some congressional committee starts asking some difficult questions about the role of private companies in our collective national digital infrastructure. The trouble from an IT perspective is once that starts to happen, company executives will start to look for the fall guy. And we all know that when that starts to happen, the first place they will look is inside the IT department.