Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
    • Protect the environment. Think before you print.

The Internet of Things: Nothing to fear but inaction itself

April 11, 2016

Connected devices are everywhere, so now is the time to act and step up your organization’s security.

Gerry Kane

Vice President Cyber Risk Engineering, Zurich Services Corp.

Gerry Kane is Vice President Cyber Risk Engineering for Zurich North America. With specialized... About this expert

Internet of Things

We already have smart homes that help us save on energy costs. Automated controls run many manufacturing floors, creating more efficient production. Wearable medical devices that connect patient and doctor are improving care and reducing healthcare spending. The use of connected devices will continue to explode, with experts such as The Atlantic Council predicting up to 50 billion such devices by 2020.

While the Internet of Things (IoT) offers many benefits to businesses and consumers, it also represents another way for data to be manipulated for greater harm. It’s one thing for a hacker to steal credit card numbers for financial gain or shut down a website to make a political statement. But it’s a whole new level of risk when hackers can use the internet to damage a physical operation or cause bodily injury and even death to people. Many industrial control systems have been built on old technologies that are no longer supported and maintained by their vendors. Without such support, these systems become rife with exploitable vulnerabilities, a dangerous scenario considering that these systems manage critical electric grids, water treatment plants and chemical facilities. The fear is that a destructive attack on systems like these could cause widespread physical harm to both organizations and individuals.

The exponential risks of the IoT represent a new reality for business today. These risks are not just about data security. They are about the security of your entire business, its operations and people. So what steps should every organization consider to prepare for connected devices today and in the future?

  1. Place security at the forefront of your risk processes. Think of risk management and information security as a process, not an event. Whether you are a product developer, seller or consumer, security should be one of the first things you think of…not one of the last.
  2. Adopt the NIST security framework. In 2014, the National Institute of Standards and Technology created a cybersecurity framework. It’s a valuable tool, not just for the Information Security department, but also for cross-functional teams charged with defining and prioritizing the information necessary to build security into your organization. There are 5 basic steps of the framework: Identify, Protect, Detect, Respond and Recover.
  3. Elevate the IoT issue to the C-suite. The earlier you align with your Chief Information Security Officer to present the IoT security issue to the C-suite, the better prepared your organization will be. The use of connected devices is found throughout an enterprise—not just the IT department—so it requires enterprise-wide attention that the C-suite and Board can make happen.

The future of IoT is exciting because of the improved convenience, productivity, and profit it offers both the producers and users of connected devices. Reaping these rewards requires action now to avoid any exponential risks in the future.