Cyber-attacks continue to become more innovative and sophisticated. Unfortunately, while organizations are developing new security mechanisms, cybercriminals are cultivating new techniques to circumvent them. Along with the growth in the sophistication of cyber-attacks, so has our dependence on the Internet and technology.
The Internet of Things
The day when practically every electronic device will be connected to the Internet is not that far away. According to Cisco, there are approximately 15 billion connected devices worldwide and Dell forecasts that we may see upwards 70 billion connected devices by 2020 -- meaning 10 devices per human, talking to each other and sending out messages.
The Internet of Things (IoT) sensation holds the potential to empower and advance nearly each and every individual and business. In today’s global society, we’re always on and we’re always getting data sources from a variety of different sources. This is the heart of the IoT. Everything is connected and speaking to each other. Warming our cars on a cold morning, regulating thermostats in our homes and determining what your husband took from the refrigerator during his midnight snack, will all be carried out from mobile devices.
Moving forward, IoT devices will help businesses track remote assets and integrate them into new and existing processes. They will also provide real-time information on asset status, location and functionality that will improve asset utilization and productivity and aid decision making. But, the security threats of the IoT are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adhere to high standards of safety and security.
The IoT at Home…and at Work
With the growth of the IoT, we’re seeing the creation of tremendous opportunities for enterprises to develop new services and products that will offer increased convenience and satisfaction to their consumers. The rise of objects that connect themselves to the Internet is releasing an outpouring of new opportunities for data gathering, predictive analytics and IT automation.
The rapid uptake of Bring Your Own Device (BYOD)is increasing an already high demand for mobile applications for both work and home. To meet this increased demand, developers working under intense pressure, and on paper-thin profit margins, are sacrificing security and thorough testing in favor of speed of delivery and the lowest cost. This will result in poor quality products that can be more easily hijacked by criminals or hacktivists.
The information that individuals store on mobile devices already makes them attractive targets for hackers, specifically “for fun” hackers, and criminals. At the same time the amount of apps people download to their personal and work devices will continue to grow. But do the apps access more information than necessary and perform as expected? Worst case scenario, apps can be infected with malware that steals the user’s information – tens of thousands of smartphones are thought to be infected with one particular type of malware alone. This will only worsen as hackers and malware providers switch their attention to the hyper-connected landscape of mobile devices.
With Potential Comes Risk
As I’ve said, the IoT has great potential for the consumer as well as for businesses. While the IoT is still in its infancy, we have a chance to build in new approaches to security if we start preparing now. Security teams should take the initiative to research security best practices to secure these emerging devices, and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.
Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those who do not closely monitor the growth of the IoT may find themselves on the outside looking in.
About the Author: Steve Durbin is managing director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner.