The Internet of Things (IoT) has the potential to create a global ecosystem of connected devices and products. Soon our cars, our appliances – and even our cities – will use IoT to maximize productivity, safety and efficiency.
But new innovations also raise new questions. Gartner estimates there will be 20 billion connected devices by 2020. While consumers are excited about the benefits of smart, connected devices, many have questions about IoT privacy and security.
Poorly-secured IoT devices, whether inside enterprise networks or consumer homes, let hackers “pivot” their illegitimate control from the IoT device to more devices and systems inside the intranet. Such security weaknesses can also expose sensitive data, such as when a connected printer is “sharing” with a malicious actor on the outside. And the destructive potential of botnets – networks of connected devices that are harnessed and controlled by bad actors – has increased exponentially as they attack and leverage IoT devices. Overall, cybercrime costs the global economy more than $600 billion each year, according to a Council on Foreign Relations study.
Caution about privacy and security is understandable. But let’s not forget that these innovations can make daily life easier and more efficient. More than 70 percent of consumers are willing to sacrifice some privacy given the benefits of technology. The Consumer Technology Association (CTA) ™ advocates for products to be made that build and maintain trust throughout the entire process – from product development to marketing to implementation. And it’s paramount that chief information officers and chief technology officers maintain this trust, too.
For enterprises, the IT team should know what’s connected to the network. If employees are connecting devices on a bring-your-own-IoT basis, the exposure points and vulnerabilities are unknown. Scanning tools and internal procedures for connectivity can help. IoT deployment may also increase network traffic, although many IoT devices use small bandwidth. When IoT devices are deployed at scale throughout the enterprise, supplier agreements will need to consider privacy and security as well as enterprise-friendly features like logical asset identification (the ability of a device to securely identify itself on the network).
Of course, no deployment will be perfect. Establish a policy for accepting outside notification of weaknesses. Contacting your IT staff via the email address of email@example.com is a common way that researchers and other “white hats” will seek to help your security team help themselves. Consider a “bug bounty” program to reward and encourage this kind of help.
Consider how you manage the risk of security challenges. The National Institute of Standards and Technology (NIST) maintain the Cybersecurity Framework to help business managers identify, quantify and manage key risk categories.
Consider how you test your own security efforts against others in your industry. Check out the BSIMM (Building Security In – Maturity Model). BSIMM is a broad industry survey of best practices and a good way to check your progress and set future goals.
For professional installers and the more technically-minded consumer, CTA offers a website with resources, the Connected Home Security System, which offers guidance for product designers, managers, and installers on how to enhance and maximize cybersecurity. It also includes tips on how companies can create a tool that gauges what internal security steps they need.
For consumers, when it comes to personal security, the current advice remains the same, regardless of a ramp-up in IoT technology. Taking concrete steps such as creating strong, varying passwords and storing them in a safe location. And consider using two-factor authentication, which lowers the likelihood of attack. Install firmware updates for IoT devices and communications gear. Many updates are to improve security as vendors respond to new threats.
As IoT technology becomes more pervasive, we’re likely to see an increase in professional installers who specialize in IoT security. Connecting your lights and your dishwasher to your Alexa or Siri might be simple enough, but professionals will be able to recommend and install software that protects these devices from being exploited by thieves.
IoT is poised to offer consumers and businesses an unprecedented level of connectivity – a surge of data that, when extended to entire cities and regions, will literally change the world. It’s our job to keep that data safe and secure.