The Internet of Things (IoT) holds the potential to be an economic and societal boon. Devices that 10 years ago people didn’t even think about—thermostats, security cameras, refrigerators, smart TVs or even Apple watches—are now connected in ways that make life easier, safer and more efficient. Unfortunately, using these connected devices opens people to many threats. If the end consumer doesn’t trust these new devices, IoT could fail.

The Need for IoT Security

Healthcare offers a good example of both the benefits and threats to today’s IoT. IoT devices in healthcare can improve care while decreasing medical costs. But those same devices have become a significant cyber security target due to the high value placed on healthcare data.

Consumer IoT devices also create a significant threat to an enterprise network.

According to the 2019 IoT Threats Report from Zscaler ThreatLabZ, IoT devices throughout enterprise networks leave organizations open to attack. For some perspective: Some 270 different types of IoT devices from 153 different manufacturers create 56 million transactions in one month. And most of that IoT data is unsecured. The most popular devices are set-top boxes, smart TVs, smart watches and media players.

Why This Is Happening

In light of such security breaches as Target and Equifax in recent years, IoT security would seem to be a no-brainer. However, a range of issues currently overwhelms the need for robust security.

  • The very newness of IoT is an obstacle. Programmers, consumers and manufacturers aren’t able to think through all the consequences of connected devices and where that can lead.
  • Many companies are focused on releasing new products as quickly as possible to beat the competition, resulting in security becoming a secondary priority.
  • There is a lack of standards that can keep up with innovation.
  • Software updates are infrequent. When companies are focused on the physical IoT product and not the software, lack of updates can create significant exposure to breaches.
  • Currently, much security is done on an ad hoc basis for each type of device, often after the device has been built. To add on security post-production is expensive and time consuming.

Getting IoT Security Right

With so many devices already out there, where to begin? When manufacturing a set-top box, for example, security isn’t usually part of the process. Creating security standards manually for a device would take a massive amount of time and money. Companies can use machine learning (which is speedy and cost effective) to create standards that are specific to individual devices.

Companies need to push out new software updates more often. The Nest thermostat, for instance, has minimal updates, making it vulnerable to attack. New updates are especially critical with the 5G network, which can move IoT to another level…but only if security is solid.

The Internet of Things will only succeed if the end user trusts it. Any company that develops a reputation of having secured IoT devices will gain a significant amount of trust and loyalty from consumers. On the opposite end (think Facebook right now), if a company shows it does not have its focus on security, it can lose credibility with the resultant loss in revenue.

 


Leave a Reply

You must be logged in to post a comment.