IoT Tree

IoT Nightmare – Promise and Risk

Today there are 9 billion devices connected to the Internet. As we move forward to a day where most devices will be Internet connected this growth trend will not subside. The day of IoT (Internet of Things) is upon us. IoT are takes what were once considered non-computerized devices and gives them a processor, software and network connectivity. Effectively these devices become “smart” because they contain a small computer and are connected to a network or the network of network – the Internet.
These devices can be smart televisions, smart thermostats, home/building automation systems, medical devices, etc. Noting these changes in the industry we are in for an explosive growth of the IoT and it will significantly impact business small and large. The Internet of Things brings with it some of the headaches of BYOD (Bring Your Own Device) with entirely new ones we will have to address. Some of the many challenges are:

Security

With so many connected devices we will see infinite options for exploitation by cybercriminals. Unlike mature operating systems of desktops, servers and even mobile devices these devices will offer little protection from the endless risk the inject into the enterprise. They can both be used by malicious and unknowing employees to leak sensitive information and even intellectual property out of the enterprise.

As Symantec researcher Kevin Haley detailed in his “2014 Predictions from Symantec”,
“With millions of devices connected to the Internet—and in many cases running an embedded operating system—in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system.”

Privacy

Privacy these days seem to be of growing importance to users as the risks and costs come into clear view. Modern IoT devices will collect, transmit and store all kinds of data in places that will have real world privacy consequences. These will not be in the realm theory but come in direct costs, vulnerabilities, and repercussions. As the reality of these issues starts to sink in, the uproar will eventually become predictably palpable.

Patching

With the myriad of devices and their lack of standardization we are in a place where there is more risk than one would like. Hopefully, a unified standard will emerge — but right now there is none.  This lack of maturity mirrors that of the early days of modern desktop operating systems.

Standards Matter

Open industry standards support are absolutely critical for any technology. Unfortunately, IoT isn’t as mature or standards based as its traditional desktop/server or even mobile space. Noticeably the standards are a work in progress and time will certainly improve them.

Takeaway

IoT isn’t going away but our embrace of this new technology should be measured. We ought take some simple steps to minimize our risks:

  • Minimize the presence of IoT devices in your enterprise until you can quantify the risk and address them.
  • If any of these devices are to be deployed then take steps to minimize risks with policy, training and technology.
  • Always take a “defence-in-depth” or layered approach in securing these devices
  • Include these devices in your security audits, pentests and patch management plans.
  • Add IoT to your policies so that users understand the risks and their responsibility to protect the enterprise. Require them to read and sign them on a yearly basis.

While it is clear that IoT has immense promise we need to assess and address the risks it brings to bear. Like all other technology, it an immense potential. Notwithstanding, we have to be diligent in how we invest in and deploy IoT to extract the greatest return.

What’s your experience with IoT? What are doing to minimize your risks and maximize your benefits?

4 thoughts on “IoT Nightmare – Promise and Risk”

  1. Annie Marie Peters

    Very good analysis of the pitfalls of IoT. I agree with you that a standards based solution needs to be explored (sooner rather than later).

  2. From reading this it seems like the Internet of things is both a blessing and a curse. Interesting read, I learned a lot

  3. In today’s world we need to take care of security for every device that is connected to internet. When we connect any device to internet we invite many security loopholes along with internet features. Great article I have to say about IoT awareness.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top