Focusing on IoT Security

Focusing on IoT Security

2019 Trends in Internet of Things – final

The practice of securing technology has become more difficult as new trends have entered the landscape. With cloud computing, companies had to secure resources outside their perimeter. With mobile devices, companies had to ensure that data could be secured wherever it traveled. With IoT, companies face a monumental challenge: applying digital security to processes that have never before been digitized.

Chart: readiness to handle IoT security

Small businesses are the least prepared for the security demands of IoT. This stems from the fact that many small firms are currently grappling with a transition to modern IT security. For many years, small businesses operated under the assumption that their digital assets were not at risk from cyberattacks. To some extent, this may have been true, but the situation has changed; all data has value, and breaches can cause more disruption than ever. The risk is magnified when physical assets and processes can be hacked.

Among the workforce, employees in business units feel the most uncertainty around IoT security. Only 9% of business staff feel very well-equipped to handle IoT security, compared to 28% of IT staff and 26% of executives. Perhaps more than any other technology, IoT is a collaborative venture. Business staff will need to educate IT about their processes and objectives, and IT staff will need to educate business units about IT practices, including security.

One of the first steps that needs to be taken for IoT security is jointly deciding on corporate attitudes towards emerging technology initiatives. With new technology, there has to be a balance between breaking new ground and ensuring a secure approach. Since some of the early fears and struggles with cloud security, companies have been shifting their mindset to proactively consider security when exploring new models. When asked specifically about IoT, most companies show a tendency toward prioritizing cybersecurity over innovation. Nearly a quarter of companies surveyed feel that innovation should be the higher priority, a mindset that may accelerate short-term adoption but introduce long-term complications.

Chart: balancing innovation and cybersecurity

Beyond some of the changes companies may need to make to their overall security approach, there are some IoT-specific actions that should be considered. Vendor reviews are becoming more critical when building IoT systems. A whole new wave of vendors have suddenly begun offering technology products but may not have the internal expertise to build in security. Video cameras, lighting, and vehicles are all examples of products that are quickly becoming connected and intelligent, and there is a high risk of vulnerability without a thorough consideration of the digital components and the possible attack vectors.

Another security topic that takes on greater importance with IoT is availability. Most IT professionals already build redundancy into their systems, and there are assumptions around how often the primary system might fail or how long it would take to switch over to the backup. When IoT is integrated into physical environments—especially critical infrastructure—there is a lower tolerance for failure and less flexibility in waiting for a backup to kick in. Consider an IoT system managing a building’s water supply or connected to healthcare systems. The physical infrastructure that has been built for these types of situations is incredibly robust, and the digital components must be equally robust.

A final aspect of IoT security that merits careful analysis is compliance. The regulatory environment is already shifting to account for digital concerns, and this is another area where existing regulations may suddenly become the concern of IT. With regulatory compliance not being a strong suit for many firms outside highly regulated industries, the cost of compliance and the understanding of liability are major concerns. Companies will likely seek outside help in these areas, and the firms they partner with must be knowledgeable enough to take the lead in keeping their clients on the safe side.

Read previous :
Building Skills for IoT
Source: CompTIA

Related posts