Author: Johna Till Johnson, CEO & Founder
The Internet of Things (IoT) is at the center of many organizations’ Digital Transformation (DT) strategies. Companies that are successful in their DT efforts deploy more than threefold the number of IoT initiatives (47) compared with companies that are less successful (15). Yet security is the top inhibitor for IoT rollouts, cited by 20% of organizations as a reason they are not deploying IoT.
And that’s a valid fear. Not only do inadequately secured IoT networks jeopardize the IoT devices and networks themselves, but both formal IoT and “shadow IoT” networks can serve as attack vectors. IoT devices—whether sensors or monitors, or printers, security cameras, and even drones and HMI devices such as Amazon’s Alexa—can all serve as host to self-propagating worms, or become members of a botnet army. Compromised systems can thus reveal sensitive information, or turn an organization’s infrastructure into an attack force.
The solution? Tackle the problem head-on. First, focus awareness on both IoT and shadow IoT security. That includes assessing both formal initiatives, and vulnerabilities due to the proliferation of smart devices. Second, InfoSec teams (rather than facilities or a separate IoT group) should own IoT security from a funding, staffing, strategy, architecture, and design perspective. Finally, IoT security initiatives should align with overall InfoSec best practices.
In sum, to jump-start IoT security, InfoSec professionals should:
You are currently viewing a preview of this content. Nemertes Clients, please log in for full access to all research content. If you are not a client, please click below to purchase access to this research report. We also invite you to become a client.CLIENT LOGIN BECOME A CLIENT