Source: CSO Magazine
In 2008, Bernie Madoff admitted to masterminding an $80 billion Ponzi scheme — a scheme that should have made many investors skeptical. Many victims, including several retirees, overlooked the warning signs and were financially ruined. Most of the money was never recovered.
While not a Ponzi scheme, internet of things (IoT) devices deserve a healthy dose of skepticism when it comes to information security and data privacy. Installing a small piece of technology within your organization may not seem like a risk management decision, but a poorly configured IoT device can open the door to criminals.
As connected (“smart”) devices work their way into business processes and industrial systems, the explosive growth of IoT brings with it an unparalleled surge in business attack vectors. The impact will be a challenge for corporate security teams – especially in terms of privacy law compliance and vulnerability management.
Understanding IoT risk
Technology has always driven change in the way businesses operate, but the word “disruptive” has often been overused to describe its impact. However, with roughly 7 billion IoT devices already in use (not including phones or tablets), and projections of 21 billion devices in use by 2025, IoT Analytics predicts that the IoT age may indeed turn out to be truly disruptive.
We don’t need to wait until 2025 to imagine the risks arising from integrating IoT devices into business operations. Just recently, a Ponemon Institute study on IoT risk found that data breaches caused by unsecured IoT devices increased from 15% to 26% since 2017. Further complicating IoT device security is the fact that most organizations have no centralized function that manages these devices, nor a clear strategy for securing and maintaining them. Most security teams are not appropriately staffed to handle IoT device proliferation and may even be blind to the devices' presence.
Competitive advantage and operational efficiency will increasingly demand the adoption of business IoT. Inevitably, various IoT products and technologies will come together in larger, industrial IoT processes. What happens when a single connected component within these processes is discovered to be transmitting data to unknown third parties? Think multi-function printers (MFPs) or digital security cameras. The implications are limitless.