McKinsey & Company estimates that the IoT market will include between 20 billion and 30 billion connected devices by 2020.
Businesses want the bottom-line benefits in areas such as cost reduction, operational efficiency, productivity and customer experience. But there are also serious downsides to consider—with privacy topping the list. As we hurtle into the IoT future, here are four major IoT security challenges that can’t be ignored.
- More, More, More. As the range and number of new devices go behind the firewall, it’s critical to understand what hackers can access—and what they can they do with the device if security is breached. Just look at Mirai, the botnet that in October 2016 attacked the domain name service Dyn using unsecured IP cameras. The ensuing DDoS (distributed denial of service) attack made Twitter, Spotify, Reddit, Pinterest, PayPal and other major websites inaccessible to millions. The cost? An estimated $110 million in potential revenues.
- Unreliable Upgrades. The security of IoT devices is not standardized, raising security and privacy questions, such as: Will regular updates be available, or will infrequent updates give hackers the upper hand? Will the company stay in business or will they fold, leaving their devices increasingly unsafe as hackers work to discover vulnerabilities?
- Personal Data Collection. Which IoT device companies will use their products to collect personal data—without making it known to purchasers? Two examples with potentially dire consequences: Fraud around money transfers and digital currency and stolen health information from wearables to track fitness goals, which some companies are using to collect data and lower health insurance premiums. A lack of transparency makes answering these questions difficult at best.
- Lack of resources and expertise. Many companies still lag behind in cybersecurity protocols, even failing to install updates—as was the case with 2017’s WannaCry ransomware, which had a global cost of more than $5 billion. As executives make plans for IoT devices, they may not be aware of the related privacy risks and the increase in security needs.
Steps to Reduce IoT Security Risks
Prior to purchase and installation, careful research is absolutely necessary:
- Understand the device company’s policies on data security and sharing.
- Consider risks and all the potential ways the device can be compromised to target your network.
- Thoroughly read and understand agreements before purchase and installation.
- Build security into software applications and network connections that link to those devices.
As companies’ IoT implementations scale to possibly thousands of connected devices, managing network security will become a herculean task, especially for resource-constrained IT groups. According to Computer Economics’ IT Outsourcing Statistics 2016/2017, 59% of organizations plan to increase the outsourcing of their security function and the number is rising. If you go this route, put your network security in the right hands with an MSP like OneNeck®, which has the right expertise, a proven track record and a multi-layered approach to security. Make the wrong choice, and the potential benefits of IoT could be wiped out with a single catastrophic breach.