Now and again, a tool comes along that can be used in so many different ways, to meet so many different goals, that it changes everything. Like the Internet of Things (IoT). Whatever business outcome is challenging you most – health and safety, reducing waste or simply, being more efficient – IoT can help. All sectors are adopting these devices and systems at top speed, for an almost limitless range of reasons. And in this fast-expanding market, research suggests business security practices around IoT have some catching up to do.
It’s a neat yet slippery name, ‘the Internet of Things.’ The term defines any device that can connect to the internet, but think less smartphone or laptop, and more the raft of new devices that send or receive data through networks for more precise reasons.
While consumers eye fridges that connect to the internet with wry suspicion, they nonetheless sell well. From wearable exercise monitors to virtual assistants, to smart lightbulbs, there’s been strong uptake.
But in business, IoT has been a bombshell.
The commercial sector has welcomed IoT with open arms, fast seeing its potential to bring a new era of control, transparency and efficiency.
Using IoT for business is now more common than not. Kaspersky’s 2020 report, With superpower comes super responsibility: Benefits and challenges of IoT in business found nearly two-thirds of companies worldwide use IoT. Analyst firms Gartner says there’ll be 25 billion global IoT connections by 2025, and IDC (International Data Corporation) and GSMA forecast business spending on IoT will reach $1.1 trillion in the same year, up over 500 percent on 2016.
Why has the world gone mad for IoT?
IoT can save money, create new revenue streams and optimize processes, to name but a few advantages. Kaspersky’s research showed the most common applications in business were things like metering, transportation and heating, venting and air conditioning (HVAC), but their application is almost without limit.
Take Singapore. To reduce pollution and congestion, and improve residents’ experience of getting around the city, they’ve recently implemented the IoT-based Green Link Determining (GLIDE) system. It links adjacent traffic signals to allow journeys with minimal stops, detecting vehicles and pedestrians and adjusting traffic signals for them. Or Barcelona, where they’re using IoT for smart street lighting, and air quality and noise sensors to make their urban systems data-driven.
Meanwhile, in manufacturing, IoT is making it possible to automate more, spot problems before they happen and better maintain equipment. Netherlands’ Tata Steel uses IoT sensors across its plant. Analyzing the data has helped the business optimize raw material use, increase yields and reduce waste. IoT has even let loose a whole new industry – ‘equipment as a service‘ – where customers pay by how much they use something, rather than leasing it for a period of time.
A whole new world of potential! What’s the catch?
As with any new technology that expands fast, we see many cases where the gate needs closing after the horse has bolted.
More than a quarter of companies and organizations using IoT said they’d had one or more security incidents with their connected devices in just the last year.
The same reasons IoT is changing the business world are why attacks on it are such a risk. The data these devices collect is often personal, commercially sensitive, or both. And as IoT devices are increasingly used for critical systems like traffic, electricity and transport, attacks that aim to stop services working risk public safety.
Overcoming the IoT security challenge
This high rate of compromise must not go on. What’s going wrong, and how can you make sure you get it right when implementing IoT? Minimize the IoT cybersecurity risk by following good processes and asking good questions. Kaspersky’s report recommends six areas of action.
1. Look at security during selection
Assess the device and system security before you decide to use it. Give preference to devices with cybersecurity certificates and from makers who are upfront about information security. Look for industry- or use-specific frameworks your business can use to research the device security, such as Industrial Internet Consortium’s IoT security maturity model.
2. Lock the gate
Gateways described as ‘secure’ or ‘trusted’ sometimes protect only connected devices and not the gateway itself. If the gateway is compromised, cybercriminals can deactivate security, affecting all IoT devices on the network. Use an IoT Secure Gateway solution.
3. Audit regularly
Schedule regular cybersecurity audits and risk assessments on IoT systems. Make sure the team responsible for protecting IoT systems has up-to-date, high-quality threat intelligence.
4. Update regularly
Have a process for getting information on software and application vulnerabilities and making timely updates.
5. Analyze network traffic
Smart devices sometimes use a corporate network to communicate with the data center. Use a cybersecurity solution that analyzes network traffic, and detects and prevents network attacks on IoT. Integrate the analysis into the business’s network security system.
6. Stay in control of your partner and supplier relationships
Have an up-to-date list of your partners and suppliers, and the data they can access. Give all partners requirements to follow, including compliance and security practices. Ensure those you no longer work with can’t access your data and assets.
We all stand to benefit from the efficiency, health and safety, and environmental improvements IoT is already making. If businesses can implement IoT securely, it needn’t pose a greater risk of compromise than other technologies. In the coming years, I believe we’ll see more and more impressive IoT applications that make a difference not only to the business bottom line but to our daily lives.