IoT

Securing the Internet of Things: This decade’s IT challenge

Share this post:

ToC-IoT-strategy-7-stepsThe Internet of Things (IoT) trend is such a hot topic today… and for good reasons. There is no doubt that a world with a fully functional collection of IoT systems will bring tremendous benefits to our work and personal lives.

Let’s look at just three examples. Sensors in roads and in cars will tell drivers of dangerous road conditions, keep the car in the center of the road, and warn drivers of slow or stopped vehicles ahead. In healthcare, patients will wear medical devices that remotely communicate data to their physicians. In the hospital, nurses and surgeons will wear smart watches and glasses that give them the latest information from patient monitoring devices and lab results. In cities, street lights will inform maintenance crews which bulbs are out, trash cans will also tell crews when they’re full, and citizens will know exactly when the next bus will arrive at their corner stop.

While billions of connected “things” will improve the quality of people’s lives, change business processes and models, and reinvent entire industries, these same things provide new potential entrance points for criminal access to personal and corporate networks and data.

The potential for costly IoT security breaches is significant.

  • A recent HP Research study reported that 70 percent of IoT devices have at least one security flaw and that, astoundingly, each device averages 25 security flaws.
  • The reality is that, in today’s environment, an amateur hacker can conduct basic attacks from anywhere in the world by downloading existing tools. Even worse, sophisticated criminals, organized crime and nation states have entered the hacking game.
  • IDC has predicted that “within two years, 90 percent of all IT networks will have an IoT-based security breach.”
  • The cost of a data breach is getting more expensive. Ponemon Institute recently released its annual Cost of Data Breach Study: Global Analysissponsored by IBMAccording to the benchmark study of 350 companies spanning 11 countries, the average consolidated total cost of a data breach is $3.8 million – a 23 percent increase since 2013.

So this is perhaps the biggest IT challenge of the next decade. Academics agree; according to a recent IBM Center for Applied Insights studies, IoT security is one of the top priorities as they educate the next generation of security leaders.

ToC-IoT-cost-of-data-breachIf the IoT is to realize its full potential, security professionals must secure both IoT systems and the data collected from them. Security must be designed into devices, networks, and all system levels. While traditional network firewalls and security applications can manage the high-level traffic flowing through the Internet, the real challenge is how to embed security capabilities into endpoint devices. This is especially challenging when those devices typically have limited power and resources available to accomplish effective threat management.

The truth is security professionals and IoT device/system vendors have much work to do. However, the good news is that security professionals have been in the business of securing IT systems for many years, and I feel confident that they can apply all they have learned to IoT security, despite the unique constraints of the embedded devices.

Here is some basic guidance for those developing IoT strategies and systems:

  • Design security into IoT devices and systems from the ground up. Don’t think of security as something you add on after installing a device or implementing a system. Build security into operating systems, and take advantage of hardware-level security capabilities. Incorporate threat management capabilities as close to the endpoint as possible.
  • Plan on collecting and retaining the minimal amount of data needed. Encrypt all potentially sensitive data before sending over any network.
  • Partner with vendors that have appropriate emphasis on all elements of security, including threat intelligence analytics, identity and access management controls, and monitoring and patching products after release.
  • Conduct a complete security audit of the IoT system as it’s designed. Include privacy, risk and fraud assessments.
  • Test the security before launch, inviting security professionals to attempt to hack into the system.
  • Train staff on all risk elements associated with the IoT infrastructure and the data collected – from devices, to applications, to networks.
  • After launch, conduct another complete security audit of the entire system and continue to perform audits on a regular basis.

For security professionals, there are already a number of resources for raising industry awareness and increasing personal knowledge of IoT design best practices. I’ve selected a few here for you:

While the future looks bright for the benefits the IoT will have on all our lives, we must all focus on designing security into these new systems from the ground up. It is a very important issue, and I believe we are ready for the challenge.

Bill Chamberlin is an Emerging Tech Trends Analyst with IBM Market Research. This article originally appeared on the web site of the IBM Center for Applied Insights

More IoT stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading