Back in March, at Mobile World Congress in Barcelona, we heard predictions of more than 25 billion IoT connections across the globe within the next 30 years. There seems to be nothing that can't be connected to the internet. But, without robust IoT security, the enterprise will be open to new risks.
Already the use of IoT technologies is transforming every industry in it touches:
- Manufacturers are using sensors throughout their factories to achieve new efficiencies in preventative maintenance.
- In healthcare, IoT is enabling healthcare providers to enhance remote patient monitoring. By being able to gather and access a wide range of data, they can then leverage that data to deliver the best possible care.
- In agriculture, IoT is creating ways to increase the efficiency, quality and sustainability of global food production.
Everything that gets connected can get hacked
Of course, with the upside of innovation and new connected technologies comes the downside of the potential for greater risks. In much the same way as everything that goes up has to come down – everything that gets connected can get hacked.
With the wave of IoT sensors fast reshaping industries, it’s important for all business leaders to focus on IoT security strategy best practices. All too soon, it will become critical to have the right resources in place to secure connected devices and sensors as it is to secure traditional PCs, and mobile devices.
IoT security strategy starts with risk assessment
To get the ball rolling, it’s essential to understand the vulnerabilities of connected devices. Your IoT risk assessment should include an audit of your network, the applications, and security protocols to mitigate. Bear in mind that the nature of IoT deployments can make them difficult to secure against cyber threats.
It’s important to be proactive in order to prevent IoT security breaches before they occur. A robust endpoint protection platform will help you protect IoT devices across your network, and deliver increased visibility of IoT devices on your network, helping identify rogue IoT devices.
Of course, in the same way it’s critical to update mobile devices when upgrades become available, it’s also critical to deploy upgrades or security patches as soon as they are released for IoT devices. It’s useful to have your IT security team maintain a list of IoT devices and their patch schedules.
As some IoT devices are “unpatchable”, they cannot be made secure. So, if possible, mandate the purchase IoT devices with a proven security record and strong update support.
It’s important to ensure the networks you use for IoT are secure. Nothing new here, just make sure you use strong user authentication and access control mechanisms. As always, wherever possible enforce two-factor authentication.
As many IoT devices will be storing and transmitting sensitive, personally identifiable information, robust data security protection and breach detection is critical. While there are various ways of detecting data breaches, normal threat dedication methods are proving inadequate for the burgeoning number of IoT devices. According to a study by digital security company Gemalto, only around half (48%) of businesses can detect if any of their IoT devices suffers a breach.
This should serve as a wake-up call for all businesses. Any organisation that is serious about exploiting the true potential of IoT needs to get serious about data security.
Assess your risk
IoT security also requires having strong policies in place together with comprehensive training programs for all employees involved with IoT. Use our data risk calculator to assess data risk in your organisation.