Greater connectivity from IoT devices is good news for business – but it poses serious security risks
The unprecedented connectivity provided by the Internet of Things gives businesses greater access to data, new monitoring capabilities and unparalleled insights into their operations. As the price of IoT devices continues to fall, they are also more accessible than ever to the average consumer. This means that even if a business doesn’t explicitly use the IoT as part of its operations, it is likely to have the IoT devices of its employees on its systems.
As anyone who has ever tried to connect a personal device to their workplace internet knows, this can expose a network to serious security problems. Whereas traditional devices such as desktop computers evolved in line with digital defences, the same cannot always be said for items with IoT connectivity. So, with more businesses using the IoT, and with more employees bringing their devices into the workplace, what does this mean for the future of digital security?
A quick look at the stats
According to a recent report by the IT automation and security company Infoblox, over three quarters of organisations have more than 1,000 business devices connected to their enterprise network on any given day. Worryingly for Gary Cox, Technology Director at Infoblox, more than a third of organisations were also found to have in excess of 5,000 other, non business, IoT devices connected to their network. These devices could be personal items such as fitness trackers, mobiles and e readers.
“There is an ever expanding availability and variety in the type of IoT devices on the market to the public,” says Cox, “but the way in which these devices becomes secure hasn’t maintained pace with the scale of growth.”
Unfortunately for businesses, the poor security levels of many of these consumer devices mean they can pose a real threat when connected to an organisation’s network, as they operate under traditional protection mechanisms.
“Such devices can offer a weak point of entry to any cybercriminal looking for a way into the network, and so represent a serious security threat to the whole business,” Cox states. “What’s more, over the past few years, these devices have become more accessible to cyber criminals online via search engines for internet connected devices, such as Shodan. These search engines have become increasingly popular, enabling low level criminals to identify vast numbers of devices which can then be targeted.”
Security as a design principle
For John Grimm, Senior Director of IoT Security Strategy at Thales eSecurity, building trust in the IoT is a necessary step to ensure the future of this technology. This requires the integration of security into the very heart of IoT devices, rather than viewing it as an optional extra.
“For IoT to truly fulfil its undoubted potential,” he says, “a foundation of trust needs to be established. Devices must be built with security at the forefront rather than just as an afterthought. If manufacturers and vendors adopt this mindset and embrace developing standards and guidelines across the industry that are based on proven best practices, then the growth of the IoT ecosystem will only accelerate.”
This issue is only going to become more important with the increased adoption of connected devices.
“By 2020,” Grimm notes, “the number of connected devices worldwide is forecast to grow to almost 31 billion. With connected devices infiltrating every facet of our lives, consumers and enterprises alike need to remember that if they can’t trust these devices and the data they produce, the benefits they hoped to get from them can not only be nullified, but they can put them in jeopardy in new ways as well. Just recently, for example, researchers discovered vulnerabilities in a brand of pacemaker that allows attackers to control the devices remotely, potentially causing serious harm.”
For both Cox and Grimm, improving security in business applications of IoT is clearly a priority. This is particularly relevant as we await the roll out of 5G, which will bring increased capacity and reduced latency to wireless networks, unlocking even more data for businesses to make use of.
As Grimm notes, the IoT industry has always suffered from a lack of standardisation around security in the manufacturing of connected devices. In the past, low price points and short lead times to market have been prioritised over robust security practices. However, change may be on the horizon.
“It looks like progress in being made in this regard,” says Grimm. “The UK Government has launched a Code of Practice to secure the ever expanding ecosystem of connected devices. Though this initiative is voluntary, the likes of HP and Centrica Hive have signed up already. This kind of collaboration between governments and private sector manufacturers is a great sign.”
For more insights on the IoT, sign up to our weekly newsletter.