The Internet of Things (IoT) is not just hype anymore. It is taking off at an enormous rate, and the predictions of 20 billion connected devices by 2020 now sound entirely likely. But as it takes off, so do IoT security challenges for both enterprises and consumers.
Obstacles range from software updating issues to employee education and user privacy. But the greatest security challenge of all may be the sheer number of connected devices in the IoT world. This influx means more potential gaps in firewalls, more software that needs to be updated and more interactions that users need to be aware of.
The more thoroughly we prepare for IoT security now, the better off we will be as the mobile ecosystem continues to grow around us.
More Devices Means More Targets
First, we had to worry about the physical security of our computers. More recently, we have learned to worry about mobile phones and tablet devices. Now, according to CIO, “we have to worry about protecting our car, our home appliances, our wearables and many other IoT devices.”
The sheer number of IoT devices poses a security challenge because every internet-connected device is another potential target for cybercriminals. Because those devices end up being effectively inside someone’s firewall, IoT security is an issue for any network that incorporates one.
Given the sharp increase in the volume and variety of IoT devices, we must now be concerned not only with risks to data, but also with risks to human lives.
Software Updates and User Awareness
Keeping IoT devices updated is emerging as yet another challenge. Proper updating of software has long been considered foundational to effective security. Many well-established portions of the internet have responded appropriately, but this security consciousness has yet to take hold with the IoT.
Device vendors typically focus on getting their products quickly out the door and onto the market. In many cases, they fail to pay sufficient attention to updating existing devices. The problem is complicated by the widespread use of firmware in IoT devices, which can limit the degree to which pure software updates can be pushed onto devices remotely, requiring direct user involvement.
User education is critical when it comes to IoT security. This is a major challenge, as evidenced by the widespread use of weak passwords and the continued success of phishing campaigns around the world. This is an even bigger problem when it comes to IoT devices that most people don’t think of as computers at all. In fact, they may not even realize these devices are connected to the internet.
Privacy and IoT Security
Moreover, the IoT creates new issues surrounding privacy protection that are independent of cybercrime. Firms in the IoT ecosystem are eagerly looking for personal user data, such as health data from wearable fitness monitors, to sell to marketers. This issue is usually posed in consumer terms, but organizations also have a stake in controlling their own information.
With the IoT growing at an exponential pace, these IoT security concerns are relevant today — not tomorrow. They deserve the attention of all individual and institutional internet users.