Print Save PDF

About 5 minutes

target-for-hackers2

watch-cell

How to prepare for the rise of IoT

Remember way back when, when the idea of smartphones and tablets being in workplace settings seemed as far-fetched as a watch that could function like your cell phone?

(Unless, of course, you were Maxwell Smart.)

Yet, here we are, and the mobile-enabled workforce is alive and well.

In fact, they are thriving.

We are currently inundated with all types of workplace devices – tablets, smartphones, laptops. You name it.

As mobile technology has become pervasive, workers demanded the flexibility to use their personal devices to access corporate systems and applications, and companies relented.

The productivity gains were simply too promising to ignore, even if there were (and still are) very real security risks attached.

We are entering a similar state of affairs with the Internet of Things (IoT).

It may be hard to picture IoT having the same type of impact as the smartphone has had in workplace settings, but it’s a reality.

Rising number of connected devices

"Gartner has already predicted that by 2020, we will reach 25 billion connected devices in use."

Businesses, city authorities, and hospitals are also strategizing ways to harness IoT technology.

Companies that are already embracing IoT in the workplace have to consider the security ramifications.

In an interview with eSecurity Planet, Securlert CEO Richard Greene painted this gloomy picture:

“Anything that is connected to the Internet can be an attack surface. It’s just a matter of time before you discover the Fitbit on your wrist or the thermostat connected to your WiFi can be used as the starting point to penetrate corporate and government networks.”

Let that observation settle in for a bit.

target-for-hackers2In an age in which data breaches are so commonplace, it’s downright scary. 

IoT is another strike zone cyber criminals can target with a flurry of fastballs.

According to ISACA’s 2015 IT Risk and Reward Barometer, 73% of IT professionals believe that there is a medium to high likelihood of organizations being hacked through IoT devices.

3 steps IT security pros can take to prepare for IoT

  • Create an IoT Security Policy

  • There are distinct differences between mobile devices and IoT devices, so they shouldn’t be lumped together under the same BYOD policies.
  • Compared to mobile devices, IoT are continuously connecting or streaming, accessing your network from sources that are foreign or unsubstantiated.
  • Also, for users, there are different security considerations that IoT presents from a functionality standpoint compared to smartphones and tablets.
  • Closely Monitor the Data That Is Stored on These Devices.

  • One of the challenges that is common between mobile and IoT BYOD policies is the access and availability of corporate data.
  • Privileged corporate data shouldn’t be exposed on IoT devices in the first place. As Demetrios Lazarikos (Chief information security officer of vArmour) explained to eSecurity Planet, “Security needs to be driven from the top down. You need to consider what type of data is being stored on these devices.”
  • Stay on Top of Patching and Upgrades

  • Just like any other software you invest in, you need to be on top of the updates that are required of IoT smart products.
  • It’s certainly harder to enforce those updates for devices (like wearables) that employees use, but consistent patching and updates should be emphasized through your IoT policies.

If the IoT isn’t taken seriously as another sweet spot for hackers to penetrate, your business could join the list of other companies that have been breached.

For a history lesson on the most notorious hacks of the past, get your copy of After the Breach: Analyzing Hacks of the Past.

hacks_of_past_eBook

Written by IBM BP Network