The internet of things (IoT) has much potential to streamline business processes and provide new ways to interact with customers. But it also opens new frontiers for cyber criminals and hacktivists to exploit.
Quocirca published reports in 2015 (The many guises of the IoT) and 2016 (European perceptions, preparedness and strategies for IoT security) that look at the interplay between IoT opportunities and threats. Some of the findings from these reports are highlighted in this buyer’s guide, which looks at how to secure the IoT in your organisation.
The IoT means different things to different organisations and there is no silver bullet for security. It involves everything from known devices carefully deployed – for example, as part of state-of-the-art infrastructure monitoring systems – through to legacy equipment bought online for ease of access, to rogue unknown consumer devices brought into the workplace by employees.
Good application design, adapting existing IT security and some altogether new ideas contribute to protecting IoT deployments from a diversity of threats.
IoT security threats
There are four main security threats pertaining to the IoT:
- Data protection. Many devices gather sensitive data, the transmission, storage and processing of which needs to be secure for both business and regulatory reasons.
- Expanded attack surface. There will be more devices on networks for attackers to probe as possible entry points to broader IT infrastructure. Unlike user endpoints, many IoT devices are permanently on and connected, making them prime targets.
- Attacks on IoT-enabled processes. Those wanting to disrupt a given business’s activities will have more infrastructure, devices and applications to target, for example, via denial-of-service (DoS) attacks or by compromising and/or disabling individual devices.
- Botnet recruitment. Poorly protected IoT devices may be recruited to botnets, degrading their performance and leading to longer-term reputational damage.
All these threats rely to some extent on the potential weakness of IoT devices. While the devices should be deployed and managed with security in mind, good design allows much of the heavy lifting to be done at a higher level.
Device numbers, diversity and identity
Quocirca’s 2016 research showed the average European business expects to be dealing with 7,000 IoT devices over the coming 18 months. This figure may sound daunting to smaller organisations, but it is conservative compared with other industry estimates. The management of large numbers of devices must be automated and, in any case, there is only so much that can be done on the device itself.