|Photo: Simon Kouttis|
Take a closer look at this contributed piece by Simon Kouttis, Head of Cyber Security Practice, Stott and May.
|Photo: IDG Connect|
The benefits of the Internet of Things (IoT) are widely understood; the potential dangers, maybe less so. AT&T’s 2016 Cybersecurity Insight Report had some illuminating and worrying findings: while some 86% of companies are looking to adopt the technology, only 14% have a formal process to establish their total number of devices – and the relative safety of these devices. Worse still, only 17% involve their boards with their IoT protection efforts.
But even at board-level, the situation is far from ideal. One survey found that 52% of UK CIOs believe that, if they were to suffer any kind of security breach, they’d know which systems were affected, and to what extent, within 24 hours. In reality, it takes around 256 days to detect an attack – and on regular systems, which aren’t comprised of interconnected IoT nodes and sensors.
The IoT-enabled world may well revolutionise the enterprise, and the potential risks should not put off companies that might benefit from its advances. The early stages of any technology’s lifecycle are always a little awkward. But make no mistake: overconfidence can be deadly, inexperience will be exploited, and businesses intending to use IoT devices must take care to ensure that their safety protocols keep pace with their rate of adoption.
The IoT is, to some extent, a victim of its own clichés.
For example, the ‘connected car’ has become a popular trope, so when there’s talk of security issues, the headlines are invariably about car hacking. Just as the self-driving automobile masks the wider benefits of the IoT, the panic about some real-life Bond villain seizing control of traffic masks deeper, subtler – but no less troubling – issues. Hackers aren’t going to go to great lengths just to make people late for work, and neither are they especially interested in turning off fridges and TVs. These things are nodes that serve as entry points into other systems: they’re interesting to attackers because they offer access to systems and data.
Accordingly, the more devices you have, the more you need to protect. This can be a tall order if you haven’t got the requisite cyber security expertise in your team – so preparing this team and, in some instances, expanding it can be an excellent way to safeguard your company.
According to IBM research, 95% of cyber security incidents involve human error. The value of reducing the capacity for this kind of error is obvious – and particularly as IoT-enabled devices cause potential attack vectors to multiply.
Source: IDG Connect