The number of connected devices is set to exceed 50 billion by the year 2020, the Internet of Things (IoT) (basically the infrastructure of all connected devices in our everyday lives) represents a major transformation in a digital world that affects all of us.
The chance to jump into the fast lane is an opportunity too good to miss. Specifically in light of the UK government’s budget pledge of £140m to develop applications for the IoT and smart cities. IOT offers huge possibilities for companies to be more efficient and effective. But as the IoT market size increases, hackers have an expanded surface area, and protecting company intellectual property (IP), customer data and operational infrastructures is harder and more urgent than ever before.
The threat isn’t just to privacy of course, we have seen a major incident in the USA in 2016 where the Mirai malware was reported as being spread through devices as diverse as set-top boxes and surveillance cameras – the impact was a distributed denial of service attack that affected users trying to access Twitter, Spotify, Netflix and Paypal among others.
Only 33% of organisations believe their IoT products are “highly resilient” against future cyber security threats, and 48% of companies focus on securing their IoT products from the beginning of the product development phase. This is problematic given the low and differing numbers – so where is the breakdown, and how can we bridge the gap?
- Set up an integrated team of business executives and security specialists
An integrated team will allow for greater collaboration, ensure the business and security concerns are well balanced and any vulnerabilities can be identified early in the product lifecycle.
- Integrate security best practice with the IoT product development process
An effective risk management mechanism is nothing new, but it is an important part of this process. Business leaders need to identify where their organisation might be vulnerable through an analysis of disruptive attack scenarios, and the financial and non-financial impact of an attack on the organisation as well as the users.
- Educate consumers as well as front-line staff in security best practice
Planning and integrating strong security features will only take you so far before it comes back to how the IoT product is being used. Organisations must inform and educate consumers on best practice including regularly changing passwords, which is still one of the most common causes of a security breach, and offering advice on security patches.
- Address privacy concerns with transparent privacy policies
Everybody is becoming more conscious about where their data is being held, and an organisation making a clear effort to show consumers what their data is being used for will differentiate itself from the competition.
Security has to be at the heart of every stage of the process. We would not buy a house that had no front door on it, so why would a consumer buy a connected product with no security features in place? To inspire confidence in the IoT as it gathers pace, businesses need to ensure they are supplying the lock as well as handing over the keys.
_________________________________
Matt Sumpter, Underwriting Manager - Technology and Cyber Risks at CNA Hardy
Any content, views, opinions and/or responses are solely the personal views, opinions and responsibility of myself and do not necessarily reflect the opinions of my employer CNA Hardy. Neither I nor my employer, CNA Hardy, warrant the accuracy, completeness or usefulness of the information available on this LinkedIn page. Nothing contained in or provided through this LinkedIn page is intended to constitute advice. Any reliance you place on such information is strictly at your own risk. I may include links to other web pages, but these links are not an endorsement of those pages.