There’s certainly been a lot of hype over the past few years about the Internet of Things (IoT); its potential to create a 360 view of data has many business analysts salivating. This is an appealing prospect, especially given the network effect gained from more and more enterprises and even households adopting interconnected devices. That said, before every company rushes to adopt this new technology, security concerns must be addressed first.
The problem lies in the lax security standards that most of these devices have. In an age where most individuals feel comfortable making transactions online, we think nothing of sending personal information through the web. The reason for this perhaps undue confidence in security measures is because small breaches are never newsworthy, whereas large breaches attract attention and are generally perceived as isolated incidents.
The truth is, many manufacturers, particularly those constructing IoT devices, know very little outside of the bare basics of cyber security, exposing countless sensors to potential attack. Also problematic is the lack of standards associated with devices under the overall umbrella of IoT.
One example of a problematic tendency is a lack of prompts to change passwords. Manufacturers seldom ask users to change login information from the default, and as a result, devices can be hacked en masse because few have bothered to update their information.
Of course, given how extensive these networks of devices can be, updated security may very well entail securing every single device, a process that is just as excruciating as it sounds. This is a new concern for companies that, until now, have managed to get by with a standard-issue IT department.
Until industry standards can be adopted, it becomes the responsibility of individual businesses to thoroughly vet where their devices are coming from, and study the results of previous companies that have used them. Wonderfully enough, the data is definitely there; though it may require some effort to find and interpret.
There is good news, though. As far as protecting devices goes, there are already proven tactics that IT departments can use to stay on top of things. Encryption, two-factor authentication, and vulnerability scanning can go a long way in ensuring that a company’s web communications are functional and secure.
Problematically, this issue works both ways; devices are being compromised by poor security which are in turn being used in DDOS attacks, two problems that companies will have to worry about.
As far as the defense side of things go, companies do have options in the form of DDOS detectors, as well as numerous websites detailing ways to combat these attacks and similar cyber threats. Companies will need to incorporate contingency plans into their policies for cyberattacks regardless of whether or not they make heavy use of IoT devices.
This may require spending some money to properly train your IT department in defensive best practices, but it’s worth it in the long run. The age of the IoT gives companies an ultimatum: adapt to the shifts in technology, or fall behind. That doesn’t necessarily mean completely integrating new gadgets into your workplace; just to familiarize your company with them and be prepared to incorporate them if your situation calls for it.
Caution is the name of the game. The issue with learning the technology is that it will inevitably change in the next few years. That said, it’s always worth investigating in order to stay on top of recent trends and even leverage new devices to gain a competitive advantage.
Because of these ongoing issues, IoT technology has not been widely adopted, despite the impact that it has already made. These security concerns will have to be addressed before businesses are willing to trust these devices, though, like the Internet before it, it has the potential to revolutionize business and bring a new level of data analysis to the workplace.