the "internet of things"

outsmarting the smart device

We are experiencing unprecedented growth in connectivity between the digital and physical worlds, where data resides in the cloud, on mobile technology and devices connected to the “Internet of Things” (IoT). While the opportunities are fascinating, cyber security is the leading challenge when it comes to the adoption of IoT technology because insecure interfaces increase the risk of unauthorized access.
Physical objects (devices, cars, houses, wearables) that contain sensors, software and the ability to communicate over home and office networks are proliferating, and they tend to favor low prices over strong security, making them easy pickings for hackers. The company that maintains the smart device may not be as passionate about patching software vulnerabilities as you are.
Every ecosystem has a weak link
Cyber adversaries are innovative, organized, and relentless in finding new ways to infiltrate, corrupt and weaponize whatever touches the internet – often bit by bit. Rather than simply going straight after the larger, and often better protected, intended target, adversaries worm their way into that organization’s supply chain, using smaller, less secure trusted partners and suppliers to gather intelligence and set traps.
While a largely regulation-free tech industry may soon be a thing of the past, for now, in a world which lets anyone build and share new code and services, with consequences to be dealt with later, security concerns over those seemingly innocuous devices should not be overlooked.
ATTACK SURFACE
Your organization’s risk surface is likely much larger than you think. Hackers can gain entry to a corporate network through an IoT device. Companies need to consider the threats that lurk below the surface and figure out how a cyber adversary may try to target them through vulnerabilities across their entire connected ecosystem.
PERIMETER SECURITY
IoT technology relies on cloud-based services, posing a challenge to organizations seeking to implement effective perimeter defenses. In the cloud, your perimeter becomes very confusing and fuzzy. Organizations should look to adopt different tools to safeguard data residing in public clouds and align their cloud strategy with wider cyber security risk management efforts.
PRIVACY CONCERNS
As we see an uptick in regulatory scrutiny and enforcement actions for privacy violations, the pervasiveness of IoT data collection, coupled with advanced analytic capabilities, elevates the need for enhanced data governance policies and practices. Knowing where your data is, and who can access it, should be a priority, and we strongly recommend encrypting sensitive information and adopting tools to help monitor whether data is only being accessed by authorized users.
DEVICE MANAGEMENT
Many IoT devices currently do not support implementation of strong security controls, and maintaining a security baseline will only get harder as IoT devices proliferate. Devices are sold with weak or no passwords and can be too small and cheap to contain robust security safeguards. Updating cyber risk assessments to include these known vulnerabilities can help you identify effective risk mitigation strategies and prioritize operational enhancements to your security defenses.
HOT TOPIC | Cyber risk assessments

Priorities matter ...

In an age of competing priorities and limited resources, organizations need to identify and prioritize investment in those cyber capabilities that will contribute most to maturing their overall cyber resilience.
Risk assessments are the cornerstone of any successful cyber security strategy. They focus attention on the most important threats and opportunities an organization faces, and lay the groundwork for implementing effective, proportionate, and optimized risk management strategies.
The dynamic nature of cyber risk requires organizations to continually monitor and reassess their threat exposures to ensure cyber risk levels are understood and managed within defined tolerance thresholds. Only through an ongoing cycle of maintaining and updating your risk assessments can you manage cyber risk proactively, comprehensively, and effectively, without stifling your company’s ability to innovate and execute against its business mission and goals.