Chances are you’ve caught wind of the many breaches in privacy and security lately.
In today’s hyper-connected and automated world where your cell phone can talk to your coffee maker, how do you keep your personal and your organization’s privacy and security, well, private and secure while taking part in all the things Internet of Things (IoT) has to offer?
In this article, we discuss all things to consider when adopting new technologies.
Security and privacy are huge new concerns in the age of the Internet of Things. With objects talking to each other, transmitting information about where they are and what's happening to them, the opportunity for criminals to intercept and steal data is expanding exponentially.
Massive data breaches are already a threat as hackers seek to steal private information stored in corporate and government customer databases. Add to that the risks inherent in using a smartphone for transactions such as banking and tap-to-pay applications, and the stakes rise even higher.
It's no wonder then that the average person is worried about their ability to maintain their privacy in this environment. A survey conducted in 2015 by the Pew Research Center showed that for 93 percent of Americans it is very important that they control who can get information about them.
And yet, confidence in those collecting the information is low. Government agencies and telephone companies received only a 31 percent vote of confidence that they would keep private records secure. Credit card companies are viewed somewhat more highly, with 38 percent expressing confidence in the security of their data. [1]
The pressure is on for companies to ensure they have the best possible protection for their data, and that entrusted to them by clients.
With the rapid evolution of the Internet of Things, "the attack surface for adversaries is target-rich". [2] In other words, every time a new application is born there is potential for exploitation by the unscrupulous. Data security needs to be as important as the application that uses that data.
A little more unsettling is the notion that existing technology vendors may have forgotten some of the security lessons learned during the early years of networking and cloud computing. And new vendors pushing into the market have not learned them yet. [3]
That's why a group of developers has come together to create the Internet of Things Security Foundation (IoTSF). It's a non-profit, vendor-neutral and collaborative effort "designed to propagate good security practice, increase adopter knowledge and raise user confidence." [4]
"When adopting IoT it is crucial for businesses to factor in security aspects from the start of the initiative," says Foundation member Elevenpaths in its paper Insecurity in the Internet of Things. "Creation and employment of procurement standards for IoT devices is essential, particularly in this nascent stage of the lifecycle, applying lessons in network, application and cloud security." [5]
The good news is that because the Internet of Things hasn't reached full maturity—it’s not likely to reach widespread implementation for another 5 years or so—there is time to ensure that "security by design" is reinforced as a key principle in IoT technologies.
The lesson is that IoT security needs to be a boardroom concern for companies embarking on IoT-enabled enterprise.
As the Foundation points out, "with more than just reputations at stake, it is imperative that technology providers, system adopters and users work together to ensure security is fit-for-purpose. It is fundamental to the adoption of systems and reaping the social and business benefits." [6]
It's clear that an extremely cautious, eyes-open approach is needed to ensure the success of any IoT venture. Your company's reputation, and entire business model could be at stake and open for the taking if your security measures aren't ready for a potential attack.
We invite you to download our white paper ‘The Internet of Things and the Modern Supply Chain’ for more information on the subject.
References:
Americans’ Attitudes About Privacy, Security and Surveillance, Mary Madden and Lee Rainie, Pew Research Center, May 20, 2015. www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/
IoT Security Foundation website. https://iotsecurityfoundation.org/about-us/
Precis of Trend Report: Insecurity in the Internet of Things. IoT Security Foundation website. https://iotsecurityfoundation.org/report-insecurity-in-the-internet-of-things/
IoT Security Foundation website. https://iotsecurityfoundation.org/about-us/
Trend Report: Insecurity in the Internet of Things, Telefonica, 06/10/2015. [https://www.elevenpaths.com/wp- https://www.elevenpaths.com/wp-content/uploads/2015/10/TDS_Insecurity_in_the_IoT.pdf]
IoT Security Foundation website. https://iotsecurityfoundation.org/about-us/.