The Internet of Things (IoT) is already changing how companies operate at almost every level of their business and in their interactions with clients and personnel. According to Business Insider, there are 1.9 billion interconnected devices today, with an expected 9 billion by 2018. By then, the number of IoT devices in use will surpass the number of smartphones, tablets and PCs combined. This represents a major opportunity for companies since the most valuable IoT applications will almost certainly be used by enterprises.

Top Enterprise Applications for the Internet of Things

Libelium, a wireless sensor networks platform provider, has released a list of IoT sensor applications for a smarter world, which is grouped in 12 different subjects such as industrial controls, e-health and smart water. The following are some of the top applications:

  1. Smart Cities: Waste management and the detection of trash levels in containers to optimize trash collection routes.
  2. Smart Environment: Air pollution and the control of CO2 emissions from factories, car pollution and toxic gases from farms.
  3. Smart Water: Water leakages, the detection of liquid presence outside tanks and pressure variations along pipes.
  4. Retail: Supply chain control and the monitoring of storage conditions along the supply chain and product tracking for traceability purposes.
  5. Industrial Control: Asset indoor location by using active (ZigBee) and passive (RFID/NFC) tags.

This list is useful in helping people and companies realize that we are in the IoT era and that there are huge opportunities and challenges around that concept.

Along With New Technology Comes Risk

Organizations and companies are actively deploying interconnected devices in their infrastructure at an exponentially increasing rate while trying to improve operations, meet the demands of the mobile workforce and, of course, reduce costs. Enterprises are taking advantage of the IoT by sharing information in their own network, but the problem is that the adoption of this new path for critical data also comes with unknown and yet-to-be-discovered security vulnerabilities.

A few years ago, the only wireless protocol was Wi-Fi, and it took many years and several revisions of the protocol to offer mature solutions to secure the transmission of data. Now, consider that there are many new IoT protocols that cannot be detected with traditional scanners and are floating around trying to connect and share information, such as Bluetooth, ZigBee, NFC, Thread and Nike+. That’s a new world of protocols that are in the early phases of development and, based on experience, they can be considered immature and relatively insecure.

Let’s imagine that you usually share your morning run with your friends by connecting your shoes to your computer with the Nike+ protocol. Today, you decided to take these shoes to the office, where a computer that is connected to the corporate network with access to critical information is paired with your footwear without notice. A malicious user can attack your shoes and have an open door to your data, all without raising an alert from detection systems since they are not even looking in that direction.

These vulnerabilities are real, emerging and can seriously affect an enterprise’s operations.

Are Enterprises Ready to Adopt the IoT?

A study released by HP Security Research reviewed 10 of the most popular devices in some of the most common IoT niches and revealed an alarmingly high average number of vulnerabilities per device. The following are some of the highlights of the study, which demonstrate potential problems and consequences for early adopters:

  • Seventy percent of devices used unencrypted network services.
  • Sixty percent of user interfaces were vulnerable to cross-site scripting.
  • Eighty percent of devices failed to require a password with sufficient complexity and length.

Enterprise security policies currently in place do not incorporate the IoT, while companies usually adopt a bring-your-own-device posture when trying to apply some control over their network. These are two very different concepts. The IoT includes not only personal devices, but also emerging technologies to control an environment, such as security controls activated by sensors. Administrators must refrain from mixing the concepts and should begin including the IoT in their risk management program in order to address security and privacy concerns and, as a result, the integration into company policies.

An in-depth, multilayered defense would be the correct approach to attacks on IoT security from the following fronts:

  • Education and awareness for employees about the risk of IoT devices;
  • Network isolation for devices that introduce connections points;
  • Security assessment for your environment looking for the latest technologies in the IoT.

The Internet of Things Is Here to Stay

IBM has just unveiled a new cloud-based service for the IoT as an extension for its existing platform to help developers connect across devices. Also, Red Hat recently published an article about the IoT coming to enterprises that discusses a three-tier architecture for making the IoT a reality. It is clear that the IoT is here to stay and is reshaping companies’ environments and technological requirements within the IT infrastructure to support it.

We are in an era where it is possible to collect data from everywhere in our environment, infrastructures, businesses and even ourselves. This massive amount of information is creating a new ecosystem of opportunities for the enterprise around its storage, analysis and accessibility. The IoT is becoming the next technological revolution that we will all participate in one way or another. We are all heading toward a future when practically everything will be connected and available to us.

To learn more watch the on-demand webinar: Securing the Internet of Things

More from Intelligence & Analytics

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Moving at the Speed of Business — Challenging Our Assumptions About Cybersecurity

The traditional narrative for cybersecurity has been about limited visibility and operational constraints — not business opportunities. These conversations are grounded in various assumptions, such as limited budgets, scarce resources, skills being at a premium, the attack surface growing, and increased complexity. For years, conventional thinking has been that cybersecurity costs a lot, takes a long time, and is more of a cost center than an enabler of growth. In our upcoming paper, Prosper in the Cyber Economy, published by…

Overcoming Distrust in Information Sharing: What More is There to Do?

As cyber threats increase in frequency and intensity worldwide, it has never been more crucial for governments and private organizations to work together to identify, analyze and combat attacks. Yet while the federal government has strongly supported this model of private-public information sharing, the reality is less than impressive. Many companies feel that intel sharing is too one-sided, as businesses share as much threat intel as governments want but receive very little in return. The question is, have government entities…

Tackling Today’s Attacks and Preparing for Tomorrow’s Threats: A Leader in 2022 Gartner® Magic Quadrant™ for SIEM

Get the latest on IBM Security QRadar SIEM, recognized as a Leader in the 2022 Gartner Magic Quadrant. As I talk to security leaders across the globe, four main themes teams constantly struggle to keep up with are: The ever-evolving and increasing threat landscape Access to and retaining skilled security analysts Learning and managing increasingly complex IT environments and subsequent security tooling The ability to act on the insights from their security tools including security information and event management software…