What 2017 will mean for the Internet of Things & Security
It’s a topic I’ve covered a fair amount recently, and it seems to be what everyone is perpetually talking about: The expanded attack surfaces concurrent with advancements in Internet of Things technology. Security for these new devices and tech has been notoriously lacking from the outset. Although organizations are still taking advantage of connected devices, their concerns are growing. Fueled by such stories as the massive Mirai botnet incident, cyber security for these firms is becoming a real interest. Reports such as the recent World Economic Forum’s “Global Risks Report,” which cites IoT hacking as one of the most significant global concerns for 2017, reflect and lend credence to these views. Executives worldwide who participated in the report all gave main priority to cyber attacks as the biggest risk to their businesses.
In a similar vein, a study from the Ponemon Institute on mobile/IoT security also demonstrates the rising self awareness from many who look at the current landscape and have to acknowledge, “You know what? We’re just not ready.” Even mobile applications, which have been in use in the workplace for a while now, often remain insecure. Indeed, 53% of Ponemon’s poll respondents worry about hackers targeting such apps to compromise their networks, while even more suspect they already have been. 58%, meanwhile, view the IoT as the most dangerous attack surface.
What it comes down to, according to a number of the respondents, is primarily financial. Historically, budget allocation hasn’t always been particularly friendly to IT security, which is hardly a shocking fact. And even if that is slowly starting to change, well, the key word there is “slow.” As a result, almost half of those surveyed said their organizations were not taking proper preventative steps. “Without proper budget or oversight, these threats aren’t being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come,” said Larry Ponemon.
So it comes as no surprise that we’re now getting saturated with articles, think pieces, recommendations, etc. (including this humble contribution), about the subject.
Organizations need to keep the ball rolling, especially those implementing the Internet of Things. What can they do, you ask? Luckily, there are solutions. As we’ve emphasized here before, security cannot be an afterthought for the IoT, but must be part and parcel of the design from the outset. Accordingly, a firm should stick to devices designed for IoT, and not try to retrofit or jury-rig older, less secure systems to the new network. The importance of a breach response also cannot be understated. Neither can be that of employees having clearly established responsibilities: just as a team wins when its players know their roles within the system, so should those involved in an IoT ecosystem know theirs when it comes to protecting data. And of course, know what constitutes normal behavior, in order to best spot anomalies on the network that could signal a malicious intruder.
Remaining vigilant, and adopting these kinds of practices, can immeasurably improve one’s ability to handle the system breach that’s either coming or has already occurred.