Who will ensure security in IoT?
13/06/2019 by MRL
Quick Job Search
The Internet of Things (IoT) is booming. By 2020, 20.4 billion devices are expected to be in use, impacting every aspect of our lives. Soon, we’ll be raiding our smart fridge for breakfast, travelling to work in connected cars, and having meetings arranged by Alexa. But with this proliferation comes a heightened risk of cyber-attacks.
Indeed, eight in 10 organisations have experienced an attack on their IoT devices in the past 12 months. 90 per cent suffered from downtime or compromised customer data/safety as a result. The average cost of a cyber-attack to IoT devices is estimated at more than $330,000 per incident.
Evidently, it’s in everyone’s best interests to prevent this from occurring. But where does the responsibility lie?
Governments are beginning to realise their responsibility in ensuring the safety of the IoT, but politicians and legislators are limited in their knowledge of the devices. So, it’s up to private organisations to plug this knowledge gap and collaborate with politicians to effectively police the IoT.
For some, this is already happening. Amazon, Miele, Panasonic, Yale, Philips and Samsung have been consulting with the UK Government, with all identifying a need for the security of IoT devices to be prioritised during design and development.
It’s a priority of all parties to ensure the safety and privacy of connected devices. Mainstream adoption of the IoT won’t occur if consumers feel unsure about its security. The Government has a duty of care to its citizens, to ensure that their personal data is protected and that they feel safe using such devices.
Another move towards IoT security is seen with the Trustable Tech Mark. It works much like the CE Mark, in that it gives consumers an indicator of a device’s safety and the ethical use of their data. IoT manufacturers have to fulfil several criteria, including privacy-by-design, to be eligible for the Mark.
These are industry-wide efforts, but for organisations, there is much to do on an individual level. Currently, just 7 per cent of organisations feel prepared to tackle IoT cybersecurity challenges. 46 per cent of unprepared organisations state that they lack the skills to address these issues.
To effectively secure the IoT, you need the right talent. As the IoT grows, the demand for such workers will increase dramatically.
Cybersecurity experts with previous experience in the IoT will be hard to find at first; the technology is still in its relative infancy. Organisations will have to broaden their search to include candidates with related experience. Alternatively, existing cybersecurity team members can be upskilled while contract or freelance experts offer another short-term solution. They can plug any skills gaps whilst team members are trained-up or permanent employees are recruited.
Generally speaking, a strong IoT cybersecurity recruit will show knowledge of end-point device security and life cycle management. They’ll have experience in wireless networking – including potential security vulnerabilities – and know how to do a risk analysis of specific devices.
Beyond your cybersecurity team, other employees should understand their part in keeping IoT devices secure. Everyone should be aware of the risks posed by the IoT and how they can prevent data leaks or hacks; using unauthorised IoT devices, for example, must be avoided. Regular checks of equipment is essential, as is adapting any existing security and IT policies to consider IoT devices.
The IoT is a widespread change for all organisations and industries, so it’s little surprise that securing it is an industry-wide, public and private affair. With a technology as vast as the IoT, every party with a vested interest must play their role.
It’s only by working together that we can make sure the IoT is a force for good and is able to meet its full potential. For each organisation, that effort begins with talent. Without skilled people involved, any effort to secure the IoT will be haphazard and ill-informed.