IoT – Opportunity and Threat – The ability to connect many kinds of objects to the internet and to collect data from sensors attached to them is a profound change which companies now need to embrace quickly in order to remain competitive. At the same time, the addition of multiple IoT devices onto corporate networks, and the handling of ever-increasing amounts of data from them, creates a major new security challenge. Even understanding the IoT security problem is not simple, let alone finding a solution to it. Hackers, on the other hand, only need to find one weakness to cause havoc.
The range of use cases for IoT to increase commercial efficiency in the corporate world is limited only by the number of useful things there are to measure and sense. From location tracking of assets and people, to monitoring of all kinds of remote devices, to equipment maintenance, to process monitoring, to energy usage and so on – the list seems endless. Whether the competitive advantage at stake is cost reduction, increased output, better understanding of customer behaviour or better forecasting, the common denominator is always information. And as the amounts and types of information increase, so does the security risk.
“So the question for a large number of companies is how to implement an IoT system to remain competitive, or gain a profit advantage, while at the same time keeping a lid on the cybersecurity risks – which include not only data loss, breach of the corporate network, theft and blackmail, but also potentially compromise of physical control systems.”Keith Maskell – Head of Cybersecurity, Titan Data Solutions Ltd
The Issue of Corporate IoT Security – For the individual consumer, IoT security on the home network can be a big enough headache. Whether it is a fridge or a security camera, the consumer may need to think whether to put the IoT device onto a separate WiFi network to ringfence it from other devices, consider how the device firmware is going to be patched to overcome security vulnerabilities, consider how the device connects to any cloud service and how secure that is, consider what networking configuration settings are going to be used, and so on – because compromise of the device can lead not only to data loss from the device, but also to cross-infection to other equipment on the home network.
The consumer picture is just a microcosm of the corporate IoT security problem. As corporate dependency on the IoT data increases, a security breach which leads to that IoT data falling into the wrong hands could be an extremely expensive, or even crippling event. Whether it is reputational damage, a large fine from the authorities for loss of private data, industrial espionage, or ransom demands, the result could be catastrophic.
The issue of corporate IoT security can be divided into two areas – on the one hand, the security of the IoT application itself and the data it collects, processes, holds and delivers; and on the other hand, the increased risks to the wider corporate network which either includes or is linked to this IoT system. Any IoT project must consider both these areas from the outset, and not as an afterthought.