IoT and security: Hype, hysteria or cause for concern? - IoT global network

Blogs

IoT and security: Hype, hysteria or cause for concern?

December 21, 2015

Posted by: George Malim

Mary Beth Hall, Verizon

Any new technology is bound to have its share of challenges and barriers — for example the initial security concerns around cloud computing — and the Internet of Things (IoT) is no different, writes Mary Beth Hall, the director of product management and development at Verizon. IoT currently connects millions of devices, and our commissioned research predicts there’ll be more than five billion IoT devices by 2020.

With smart devices adding billions of new access points into enterprise systems and communicating with the network, IoT security will be key. A number of studies have looked at IoT device security, such as recent research by HP that shows that 70% of IoT devices it tested contained security flaws. But just how big are the security threats?

Potential targets

In the Verizon 2015 Data Breach Investigations Report (DBIR), we looked at IoT from a security perspective and found there were actually very few incidents and little data disclosure to report for 2014. However, with IoT still in its infancy, it’s difficult to say with certainty what we’re facing. But we can look at what we do know. Of the projected five billion enterprise devices that will be around in 2020, not all of them will necessarily be internet-visible, and not all devices will be sending sensitive data. In fact, many of them will be simple devices that have a single function — like a light sensor.

That said, any device that is connected, regardless of whether it’s IoT-enabled, is a potential target for a cyber-attack. The devices themselves may not be the end target (they could be used to carry out malicious activity as part of a botnet attack), but they could be used as a gateway into the broader enterprise network and critical systems.

Don’t panic — the same rules apply

IoT is all about making the things around us smarter, but many sensors, especially those embedded in assets, must be frugal. Limitations on space mean that processing power and battery life are often limited. This means that many sensors aren’t capable of running the endpoint protection capabilities we’re used to seeing in more sophisticated assets, like laptops. But while some familiar security rules — such as applying anti-virus to all endpoints — don’t relate to IoT systems, many do:

Don’t cut corners

As IoT devices become more widespread and more closely integrated with core enterprise systems, the more important it is that security is made paramount from the start. Just as with any other IT system, organisations should regularly assess the risk, apply appropriate security measures, and test their effectiveness.