Today we are approximately 7,5 billion people on this planet, a qualified guess is that the number of connected devices are at least ten times greater. The things that make our everyday life easier and more convenient, also make us more vulnerable to attacks. We have only seen the start of the IoT revolution and we can expect that all companies in the future will have connected solutions as part of their offer. In other words, your company’s exposure to IT-risks is radically increasing.
Thieves are lazy, they break in where it’s easy
If you were a professional thief you would probably avoid breaking into houses that have security systems or intimidating dogs. The same goes for hackers. They prowl the net using robots, trying to find weaknesses in systems that they can use.
Sometimes they may be after specific information about your company. Something they can use. Financial information that can influence the stock market. Health information from a hospital can be used to extort the hospital or a specific patient. Accessing the software in a car to take over the control of the steering or the breaks. And hacking a nuclear power plant to….well, you get the idea.
“The objective here is not to get data, but to steal processing power from a wide range of small connected items.”
But the most common type of security breaches are hackers hijacking connected things that are easy to access. It can be anything, from webcams to wifi connected plant watering systems in an office. The objective here is not to get data, but to steal processing power from a wide range of small connected items, in order to accumulate strength for a large IT-attack, like crashing a site. Even if your company isn’t the target of the attack itself, it’s embarrassing for your brand to be associated with poor security.
The way forward – what to do?
IT security used to be the natural responsibility of the IT department, but when IoT entered the scene things changed. It became hazy who was responsible since IoT often are incited by other divisions. To define ownership of the IoT security in an organisation is therefore vital. Secondly you need to assess your risk areas are and what needs to be protected. Then you need to evaluate your internal competence and how much you are capable of handling yourselves. Firewalls, routines to prevent and detect intrusions etc. And if you still need an external partner to make your company safer, find one that can answer how they handle their own safety. Are they certified, how have they developed routines for themselves and how often do they do follow ups to maintain a high level of security?
- Define ownership of the IoT security
- Assess your risk areas, what needs to be protected?
- Do you have the knowledge in house?
- Chose a partner that has a good answer on how they handle their own safety
Is there such a thing as 100% security?
If someone claims that they have a solution that is foolproof, they don’t know what they are talking about. Creating and maintaining a high level of security is a work in constant progress. Rarely is it about spectacular crypto algorithms and complicated systems. For most it is better to use the technology that you already have and implement a security standard that is so user friendly that your employees actually follow it. What many companies have learned the hard way, is that most security breaches or virus infections are a result of human negligence. So security issues shouldn’t stop you from developing new IoT solutions, but you need to make sure that you develop security routines simultaneously.