October 31, 2014 By Omner Barajas 4 min read

The Internet of Things (IoT) is already changing how companies operate at almost every level of their business and in their interactions with clients and personnel. According to Business Insider, there are 1.9 billion interconnected devices today, with an expected 9 billion by 2018. By then, the number of IoT devices in use will surpass the number of smartphones, tablets and PCs combined. This represents a major opportunity for companies since the most valuable IoT applications will almost certainly be used by enterprises.

Top Enterprise Applications for the Internet of Things

Libelium, a wireless sensor networks platform provider, has released a list of IoT sensor applications for a smarter world, grouped into 12 different subjects such as industrial controls, e-health and smart water. The following are some of the top applications:

  1. Smart Cities: Waste management and the detection of trash levels in containers to optimize trash collection routes.
  2. Smart Environment: Air pollution and the control of CO2 emissions from factories, car pollution and toxic gases from farms.
  3. Smart Water: Water leakages, the detection of liquid presence outside tanks and pressure variations along pipes.
  4. Retail: Supply chain control and the monitoring of storage conditions along the supply chain and product tracking for traceability purposes.
  5. Industrial Control: Asset indoor location by using active (ZigBee) and passive (RFID/NFC) tags.

This list is useful in helping people and companies realize that we are in the IoT era and that there are huge opportunities and challenges around that concept.

Along With New Technology Comes Risk

Organizations and companies are actively deploying interconnected devices in their infrastructure at an exponentially increasing rate while trying to improve operations, meet the demands of the mobile workforce and, of course, reduce costs. Enterprises are taking advantage of the IoT by sharing information in their own network, but the problem is that the adoption of this new path for critical data also comes with unknown and yet-to-be-discovered security vulnerabilities.

A few years ago, the only wireless protocol was Wi-Fi, and it took many years and several revisions of the protocol to offer mature solutions to secure the transmission of data. Now, consider that there are many new IoT protocols that cannot be detected with traditional scanners and are floating around trying to connect and share information, such as Bluetooth, ZigBee, NFC, Thread and Nike+. That’s a new world of protocols that are in the early phases of development and, based on experience, they can be considered immature and relatively insecure.

Let’s imagine that you usually share your morning run with your friends by connecting your shoes to your computer with the Nike+ protocol. Today, you decided to take these shoes to the office, where a computer that is connected to the corporate network with access to critical information is paired with your footwear without notice. A malicious user can attack your shoes and have an open door to your data, all without raising an alert from detection systems since they are not even looking in that direction.

These vulnerabilities are real, emerging and can seriously affect an enterprise’s operations.

Are Enterprises Ready to Adopt the IoT?

A study released by HP Security Research reviewed 10 of the most popular devices in some of the most common IoT niches and revealed an alarmingly high average number of vulnerabilities per device. The following are some of the highlights of the study, which demonstrate potential problems and consequences for early adopters:

  • Seventy percent of devices used unencrypted network services.
  • Sixty percent of user interfaces were vulnerable to cross-site scripting.
  • Eighty percent of devices failed to require a password with sufficient complexity and length.

Enterprise security policies currently in place do not incorporate the IoT, while companies usually adopt a bring-your-own-device posture when trying to apply some control over their network. These are two very different concepts. The IoT includes not only personal devices, but also emerging technologies to control an environment, such as security controls activated by sensors. Administrators must refrain from mixing the concepts and should begin including the IoT in their risk management program in order to address security and privacy concerns and, as a result, integrate it into company policies.

An in-depth, multilayered defense would be the correct approach to attacks on IoT security from the following fronts:

  • Education and awareness for employees about the risk of IoT devices;
  • Network isolation for devices that introduce connection points;
  • Security assessment for your environment looking for the latest technologies in the IoT.

The Internet of Things Is Here to Stay

IBM has just unveiled a new cloud-based service for the IoT as an extension for its existing platform to help developers connect across devices. Also, Red Hat recently published an article about the IoT coming to enterprises that discusses a three-tier architecture for making the IoT a reality. It is clear that the IoT is here to stay and is reshaping companies’ environments and technological requirements within the IT infrastructure to support it.

We are in an era where it is possible to collect data from everywhere in our environment, infrastructures, businesses and even ourselves. This massive amount of information is creating a new ecosystem of opportunities for the enterprise around its storage, analysis and accessibility. The IoT is becoming the next technological revolution that we will all participate in one way or another. We are all heading toward a future when practically everything will be connected and available to us.

To learn more, watch the on-demand webinar: Securing the Internet of Things
