Data Protection October 4, 2018
By Sue Poremba 3 min read

Many objects nowadays can be turned into internet-connected devices, and any one of them can make its way into the workplace. In fact, Gartner expects more than 65 percent of enterprises will deploy Internet of Things (IoT) products by 2020.

While employees may enjoy the benefits offered by IoT technologies, chief information security officers (CISOs) and other security decision-makers have a different view of these devices. IoT security, particularly the risk of personal data exposure, is quickly becoming one of their top priorities.

Some IoT Security Concern Is Based on Personal Experience

Not surprisingly, as the number of IoT devices in the workplace increases, so do the security threats associated with them. Over the next couple of years, we should expect that more than a quarter of cyberattacks will directly involve the IoT, Gartner warns.

With this in mind, researchers with Tripwire polled attendees at this year’s Black Hat USA to gauge their concerns about IoT security. Sixty percent of participants said they were more worried about IoT security in 2018 than they were last year, and even those who weren’t more or less concerned still reported feeling worried about the security of IoT devices.

Some of this concern comes from personal experience: About 20 percent of respondents said they personally encountered an IoT-related attack at work or on their home network. But perhaps the more alarming statistic is that 14 percent said their IoT devices may have suffered an attack, but they didn’t know for sure.

As Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team, points out, too many security professionals lack the basic tools, security systems and knowledge to determine if their devices have been compromised, and that could lead to serious trouble down the road.

The Business Value of IoT Solutions

Eliminating IoT from the enterprise is not an option. For many organizations, IoT solutions add significant business value. As Consumer Goods Technology reported, “One of the most game-changing aspects of smart, connected products is how they allow product companies to create new consumer needs and establish new user habits. These new smart connected products rely on new habits, on trying to predict what will tick and what will be a hit with today’s consumers.”

Based on a 2017 Forrester report, Network World reports that the IoT improves business value in three ways:

  1. Improved product functions through design.
  2. Better business operations with digital automation.
  3. Enhanced consumer services.

However, all this IoT technology also creates a larger attack landscape for threat actors that organizations aren’t prepared for. As the aforementioned Gartner report states, “IoT security is often beyond the average IT leader’s skill set, as it involves managing physical devices and objects rather than virtual assets.” Security of IoT devices, the report continues, is often a barrier to the IoT’s overall effectiveness, which, in turn, hurts its business value.

IoT Data Is a Nightmare for the GDPR and Other Privacy Laws

The IoT also generates massive amounts of data, and this sets up another security issue. According to the Tripwire survey, the top issue surrounding IoT security is protection of personal data, followed by botnets and network compromise.

Because of how IoT devices collect data, it is more difficult to ensure data privacy for consumers, especially under the European Union’s General Data Protection Regulation (GDPR) and other new privacy laws. “The aggregation and correlation of data from various sources make it increasingly possible to link supposedly anonymous information to specific individuals and to infer characteristics and information about them,” wrote Cameron F. Kerry for Brookings.

Data generated from a smart city’s web of cameras and meters, for example, is nearly impossible to protect under privacy regulations. How do you alert thousands of otherwise anonymous people that their personal information is being gathered and stored? The onus falls on the security departments of the smart city to ensure the IoT devices they are using are secure, as are all aspects of data collation and storage. At the same time, as we’ve seen, security experts are still trying to figure out the best way to approach the IoT’s flaws and vulnerabilities.

Embrace Time-Tested Techniques to Secure the IoT

There are solutions on the horizon. The 2018 Global PKI Trends Study from the Ponemon Institute and Thales found that the IoT is “the fastest-growing trend in the deployment of applications that use public key infrastructure (PKI).”

“For safe, secure IoT deployments, organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” said John Grimm, senior director of security strategy at Thales eSecurity.

IoT security jumped in importance for many security professionals this year because IoT use has increased within many organizations. Now, our tools and solutions need to catch up.

Five Indisputable Facts about IoT Security

 |  |  |  |  |  | 
Sue Poremba

I began writing within the branded content/content marketing space in 2011, including articles, blog posts, SEO, Q&A, and profiles. My specialties are cy...

More from Data Protection
Cloud Security   March 15, 2023

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Data Protection   March 7, 2023

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

Data Protection   March 1, 2023

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Application Security   February 21, 2023

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature