IoT devices and systems: are they 'gateways' to cyber events?
IoT will continue its steady growth patterns for the foreseeable future. The estimate is 20 billion “things” by the end of this year — that is a big population of IoTs! With research pointing towards retail, healthcare and supply chain as key commercial markets that have a high adoption of IoT, meeting the need for security controls will be a massive undertaking. There is a need to secure the devices and data from the platform to the infrastructure, as well as the need to monitor the profile and behavior of the IoT devices and deployments. As with other new emerging technologies, standards have begun and will continue to appear from OEMs through collaborative and proven workgroup models. As these standards become adopted, a new wave of products will be delivered as upgrades and updates to performance, features and security. We have all seen this in the product space throughout our tech lives. I expect the transition to have a three- to five-year cycle to refresh the IoT population — just an opinion of course!
During the transition and post-transition, the necessity for cyber event monitoring, device profiling and analytics for data and information protection will be a priority. Today, we are in the position of “houses without doors and windows,” and are transitioning to “houses with doors, windows and locks,” and from there to the latter with full awareness of the events inside and outside of the house.
What do we want to know about IoT devices and systems? Their security posture? Their profile and state? Their communication paths? How about knowledge about their activity such as “on,” “off” and “connected when?” We need to know if and when they are infected with malware or viruses, or are connected to “bad actors.” Answering these types of questions takes both current and future technology, as platforms become standardized and are likely to have embedded security. There is always the question of “opt in?” — did the platform owner opt in and enable any of the security capabilities?
In my experience with vertical markets and the adoption of IoT, the benefits are measurable in terms of productivity, awareness of the device and control. However, the downside is that the lack of security, cyber event monitoring and profiling/posture has created significant risks. In most vertical markets, a cyberattack is typically aimed at gaining access to corporate data. Deployment of malware, viruses, ransomware and distributed denial-of-service attacks has been very damaging as well. One piece of advice we give, on a consistent talk track, is to move all IoT devices to their own network in order to segment them from data networks. Time and time again, IoT devices and systems are the gateways to the corporate data — shame, shame, shame…
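One way to check the segmentation advice above against an inventory and flow logs, as an added example that is not part of the original post. The address plan, device names and flow records are constructed for illustration; the function names are hypothetical.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the article).
IOT_NET = ipaddress.ip_network("10.50.0.0/24")       # dedicated IoT segment
DATA_NETS = [ipaddress.ip_network("10.10.0.0/16")]   # corporate data networks

# Constructed inventory: device name -> (address, is_iot)
INVENTORY = {
    "badge-reader-1": ("10.50.0.11", True),
    "hvac-sensor-3": ("10.50.0.12", True),
    "ip-camera-7": ("10.10.4.20", True),    # IoT device left on a data network
    "file-server": ("10.10.1.5", False),
}

# Constructed flow records: (timestamp, source, destination, destination port)
FLOWS = [
    ("2024-01-01T02:14:00Z", "10.50.0.11", "10.50.0.1", 123),
    ("2024-01-01T02:15:30Z", "10.50.0.12", "10.10.1.5", 445),
    ("2024-01-01T02:16:10Z", "10.10.4.20", "10.10.1.5", 445),
    ("2024-01-01T02:17:45Z", "10.10.1.5", "10.10.1.9", 443),
]

def in_data_net(addr):
    """True if the address belongs to any corporate data network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DATA_NETS)

def misplaced_iot(inventory):
    """IoT devices whose address is outside the dedicated IoT segment."""
    return sorted(name for name, (addr, is_iot) in inventory.items()
                  if is_iot and ipaddress.ip_address(addr) not in IOT_NET)

def iot_to_data_flows(flows, inventory):
    """Flows where an IoT device (by inventory or by segment) reaches a data network."""
    iot_addrs = {addr for addr, is_iot in inventory.values() if is_iot}
    hits = []
    for ts, src, dst, port in flows:
        src_is_iot = src in iot_addrs or ipaddress.ip_address(src) in IOT_NET
        if src_is_iot and in_data_net(dst):
            hits.append((ts, src, dst, port))
    return hits

if __name__ == "__main__":
    print("IoT devices outside the IoT segment:", misplaced_iot(INVENTORY))
    for hit in iot_to_data_flows(FLOWS, INVENTORY):
        print("IoT -> data network flow:", hit)
```

The first check finds devices that were never moved to the IoT network; the second finds the "gateway" paths, including those from a correctly placed device that is still allowed to reach a data network.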
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.