The Internet of Things has ushered in a sea change in a variety of business sectors. It’s driving positive change: lower waste, higher efficiency, a more joined-up supply chain, and a more proactive approach to outages. In 2019, these changes are impacting a wide range of industries, as demonstrated by the variety of conference tracks available at Internet of Things World in Santa Clara this month.
At the same time, our adoption of IoT at work (following our widespread adoption at home) is rapidly increasing the number of devices connected to the internet. The numbers are already phenomenal and are set to grow quickly. Connected, active IoT devices are predicted to number 10 billion by 2020, and 22 billion by 2025. As businesses adopt the new tech in ever-increasing numbers, competitors will catch on; the advent of AI will also give us more ways to use the data that’s flowing in from our sensors.
This welcome investment in IoT over the next five to six years should give rise to huge efficiency gains, benefiting businesses, consumers, and — potentially — the planet. What could possibly go wrong?
How Secure is IoT Really?
An IoT device is no different to any other network-connected device. In itself, IoT is not risky. But it can pose risks in specific situations.
Consider a router on your network that is rarely checked for new firmware. As the router’s software ages, and it falls behind the update cycle, it becomes more appealing to hackers who have figured out how to get around its security.
IoT is no different. A poorly-managed IoT deployment generates significant risks and the sheer number of devices just multiplies the risk; there’s a whole lot of maintenance to plan for. Without ongoing investment into security, all of this new hardware is setting us up for a fall unless we understand the importance of keeping it secure.
Same Old Same Old?
In actual fact, IoT security is no more exotic than general network security — there’s just a lot more of it. Each device is a potential weak point that could be exploited if it wasn’t correctly secured. For example, every device needs to run the latest manufacturer firmware, and each one needs to have a unique password that’s difficult to guess.
Some of the techniques in use to secure IoT deployments are relatively straightforward. According to industry figures, 45% of companies have decided to use a dedicated network for IoT, keeping the sensors siloed from the wider company network. That’s a sensible move. It’s also sensible to look at physical security, monitoring, and access. Where are your sensors? Who can get to them? If someone installed unwelcome software on the network via a rogue device, how quickly would you know?
All of this points to a need for much wider investment in training and skills so that there are enough people ready to provide the necessary maintenance and technical support. Again, a high proportion of businesses are working towards this; 46% say they’re rolling out internal training for everyone — not just those in IT roles.
Digital transformation has taught us valuable lessons about technology adoption. In the rush to move to the cloud, some businesses failed to keep their migrations reigned in tight. Shadow IT wreaked havoc as employees found their own solutions. BYOD led to malware infection and uncontrolled data transfer.
As we start the process of embedding IoT (and, soon, AI), we’re in the fortunate position of having learned lessons from mistakes of the past. With IoT, we now know that achieving staff buy-in will be key across every organization and sector. Businesses would do well to remember that these devices are not ‘set and forget’. So, while early adoption is great — and should ensure a head start on competitors — it would be unwise to roll out a slew of IoT sensors without the people who are well training in how to maintain them.
Additionally, we’ve learned that ensuring cyber security it isn’t just a case of providing tech support when things go wrong, although that is important. It’s also about engineering the required culture change so that everyone knows how important cyber security is and keeps it top of mind once IoT is successfully deployed.