The Internet of Things (IoT) is at the center of many organizations’ Digital Transformation (DT) strategies. Companies that are successful in their DT efforts deploy more than three times as many IoT initiatives (47) as companies that are less successful (15). Yet security is the top inhibitor for IoT rollouts, cited by 20% of organizations as a reason they are not deploying IoT.
And that’s a valid fear. Not only do inadequately secured IoT networks jeopardize the IoT devices and networks themselves, but both formal IoT and “shadow IoT” networks can serve as attack vectors. IoT devices—whether sensors or monitors, or printers, security cameras, and even drones and HMI devices such as Amazon’s Alexa—can all serve as host to self-propagating worms, or become members of a botnet army. Compromised systems can thus reveal sensitive information, or turn an organization’s infrastructure into an attack force.
The solution? Tackle the problem head-on. First, focus awareness on both IoT and shadow IoT security. That includes assessing both formal initiatives and the vulnerabilities introduced by the proliferation of smart devices. Second, InfoSec teams (rather than facilities or a separate IoT group) should own IoT security from a funding, staffing, strategy, architecture, and design perspective. Finally, IoT security initiatives should align with overall InfoSec best practices.
In sum, to jump-start IoT security, InfoSec professionals should:
- Conduct a “shadow IoT” vulnerability assessment
- Launch formal projects for both IoT and shadow IoT security
- Have InfoSec own the projects
- Have InfoSec own the budget
- Create and staff IoT-security-specific teams (where teams include more than one dedicated staffer)
- Develop an IoT-security-specific strategy, architecture, and roadmap
- Align IoT and “shadow IoT” security with overall InfoSec strategy, architecture, and roadmap
Table of Contents
- TABLE OF FIGURES
- THE ISSUE: IOT DRIVES DT SUCCESS, BUT LACK OF SECURITY INHIBITS
- THE CHALLENGE: IOT CONNECTS CYBERSPACE TO REALITY
- THE RISK: TYPES OF IOT VULNERABILITIES
- INFECTION: IOT AS DISEASE VECTOR
- ATTACK: IOT AS WEAPON
- SHADOW IOT: WHEN TRADITIONAL DEVICES GO ROGUE
- THE FIX: INFOSEC TAKES CHARGE
- CONCLUSION AND RECOMMENDATIONS