Many objects nowadays can be turned into internet-connected devices, and any one of them can make its way into the workplace. In fact, Gartner expects more than 65 percent of enterprises will deploy Internet of Things (IoT) products by 2020.

While employees may enjoy the benefits offered by IoT technologies, chief information security officers (CISOs) and other security decision-makers have a different view of these devices. IoT security, particularly the risk of personal data exposure, is quickly becoming one of their top priorities.

Some IoT Security Concern Is Based on Personal Experience

Not surprisingly, as the number of IoT devices in the workplace increases, so do the security threats associated with them. Over the next couple of years, we should expect that more than a quarter of cyberattacks will directly involve the IoT, Gartner warns.

With this in mind, researchers with Tripwire polled attendees at this year’s Black Hat USA to gauge their concerns about IoT security. Sixty percent of participants said they were more worried about IoT security in 2018 than they were last year, and even those whose level of concern had not changed still reported feeling worried about the security of IoT devices.

Some of this concern comes from personal experience: About 20 percent of respondents said they personally encountered an IoT-related attack at work or on their home network. But perhaps the more alarming statistic is that 14 percent said their IoT devices may have suffered an attack, but they didn’t know for sure.

As Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team, points out, too many security professionals lack the basic tools, security systems and knowledge to determine if their devices have been compromised, and that could lead to serious trouble down the road.

The Business Value of IoT Solutions

Eliminating IoT from the enterprise is not an option. For many organizations, IoT solutions add significant business value. As Consumer Goods Technology reported, “One of the most game-changing aspects of smart, connected products is how they allow product companies to create new consumer needs and establish new user habits. These new smart connected products rely on new habits, on trying to predict what will tick and what will be a hit with today’s consumers.”

Citing a 2017 Forrester report, Network World reports that the IoT improves business value in three ways:

  1. Improved product functions through design.
  2. Better business operations with digital automation.
  3. Enhanced consumer services.

However, all this IoT technology also gives threat actors a larger attack surface, one that organizations aren’t prepared for. As the aforementioned Gartner report states, “IoT security is often beyond the average IT leader’s skill set, as it involves managing physical devices and objects rather than virtual assets.” Security of IoT devices, the report continues, is often a barrier to the IoT’s overall effectiveness, which, in turn, hurts its business value.

IoT Data Is a Nightmare for the GDPR and Other Privacy Laws

The IoT also generates massive amounts of data, and this sets up another security issue. According to the Tripwire survey, the top issue surrounding IoT security is protection of personal data, followed by botnets and network compromise.

Because of how IoT devices collect data, it is more difficult to ensure data privacy for consumers, especially under the European Union’s General Data Protection Regulation (GDPR) and other new privacy laws. “The aggregation and correlation of data from various sources make it increasingly possible to link supposedly anonymous information to specific individuals and to infer characteristics and information about them,” wrote Cameron F. Kerry for Brookings.

Data generated from a smart city’s web of cameras and meters, for example, is nearly impossible to protect under privacy regulations. How do you alert thousands of otherwise anonymous people that their personal information is being gathered and stored? The onus falls on the security departments of the smart city to ensure the IoT devices they are using are secure, as are all aspects of data collation and storage. At the same time, as we’ve seen, security experts are still trying to figure out the best way to approach the IoT’s flaws and vulnerabilities.

Embrace Time-Tested Techniques to Secure the IoT

There are solutions on the horizon. The 2018 Global PKI Trends Study from the Ponemon Institute and Thales found that the IoT is “the fastest-growing trend in the deployment of applications that use public key infrastructure (PKI).”

“For safe, secure IoT deployments, organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” said John Grimm, senior director of security strategy at Thales eSecurity.

IoT security jumped in importance for many security professionals this year because IoT use has increased within many organizations. Now, our tools and solutions need to catch up.
