Light Dark
October 4, 2018 By Sue Poremba 3 min read
Data Protection
Endpoint
Risk Management

Many objects nowadays can be turned into internet-connected devices, and any one of them can make its way into the workplace. In fact, Gartner expects more than 65 percent of enterprises will deploy Internet of Things (IoT) products by 2020.

While employees may enjoy the benefits offered by IoT technologies, chief information security officers (CISOs) and other security decision-makers have a different view of these devices. IoT security, particularly the risk of personal data exposure, is quickly becoming one of their top priorities.

Some IoT Security Concern Is Based on Personal Experience

Not surprisingly, as the number of IoT devices in the workplace increases, so do the security threats associated with them. Over the next couple of years, we should expect that more than a quarter of cyberattacks will directly involve the IoT, Gartner warns.

With this in mind, researchers with Tripwire polled attendees at this year’s Black Hat USA to gauge their concerns about IoT security. Sixty percent of participants said they were more worried about IoT security in 2018 than they were last year, and even those who weren’t more or less concerned still reported feeling worried about the security of IoT devices.

Some of this concern comes from personal experience: About 20 percent of respondents said they personally encountered an IoT-related attack at work or on their home network. But perhaps the more alarming statistic is that 14 percent said their IoT devices may have suffered an attack, but they didn’t know for sure.

As Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team, points out, too many security professionals lack the basic tools, security systems and knowledge to determine if their devices have been compromised, and that could lead to serious trouble down the road.

The Business Value of IoT Solutions

Eliminating IoT from the enterprise is not an option. For many organizations, IoT solutions add significant business value. As Consumer Goods Technology reported, “One of the most game-changing aspects of smart, connected products is how they allow product companies to create new consumer needs and establish new user habits. These new smart connected products rely on new habits, on trying to predict what will tick and what will be a hit with today’s consumers.”

Based on a 2017 Forrester report, Network World reports that the IoT improves business value in three ways:

  1. Improved product functions through design.
  2. Better business operations with digital automation.
  3. Enhanced consumer services.

However, all this IoT technology also creates a larger attack landscape for threat actors that organizations aren’t prepared for. As the aforementioned Gartner report states, “IoT security is often beyond the average IT leader’s skill set, as it involves managing physical devices and objects rather than virtual assets.” Security of IoT devices, the report continues, is often a barrier to the IoT’s overall effectiveness, which, in turn, hurts its business value.

IoT Data Is a Nightmare for the GDPR and Other Privacy Laws

The IoT also generates massive amounts of data, and this sets up another security issue. According to the Tripwire survey, the top issue surrounding IoT security is protection of personal data, followed by botnets and network compromise.

Because of how IoT devices collect data, it is more difficult to ensure data privacy for consumers, especially under the European Union’s General Data Protection Regulation (GDPR) and other new privacy laws. “The aggregation and correlation of data from various sources make it increasingly possible to link supposedly anonymous information to specific individuals and to infer characteristics and information about them,” wrote Cameron F. Kerry for Brookings.

Data generated from a smart city’s web of cameras and meters, for example, is nearly impossible to protect under privacy regulations. How do you alert thousands of otherwise anonymous people that their personal information is being gathered and stored? The onus falls on the security departments of the smart city to ensure the IoT devices they are using are secure, as are all aspects of data collation and storage. At the same time, as we’ve seen, security experts are still trying to figure out the best way to approach the IoT’s flaws and vulnerabilities.

Embrace Time-Tested Techniques to Secure the IoT

There are solutions on the horizon. The 2018 Global PKI Trends Study from the Ponemon Institute and Thales found that the IoT is “the fastest-growing trend in the deployment of applications that use public key infrastructure (PKI).”

“For safe, secure IoT deployments, organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” said John Grimm, senior director of security strategy at Thales eSecurity.

IoT security jumped in importance for many security professionals this year because IoT use has increased within many organizations. Now, our tools and solutions need to catch up.

Five Indisputable Facts about IoT Security

 |  |  |  |  |  | 
Sue Poremba

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature