One of the most significant growth sectors in business these days is the Internet-of-Things. It has become one of the terms synonymous with a company that is at the cutting edge of technological advancement. Starting as a solution for manufacturing companies, the IoT has grown from those humble beginnings into a system that can offer real-time insight into almost anything a business wants to know. Gartner even estimates that there will be 5.8 billion IoT endpoints within the automotive and enterprise sectors by the end of 2020. Because of the popularity of IoT as a technology, many companies are finding ways to incorporate it into their drive to modernize their business. Despite this enthusiasm to embrace new technology, there is a significant “elephant in the room” that many companies talking about IoT implementation are just ignoring and leaving their tech teams to deal with.
What happens when you have an insecure device connected to your enterprise-level network? Most tech teams would say that you create a point of vulnerability within your security system, kind of like inviting a malicious user to peruse the data passing through your network at their leisure. The European Union Agency for Cybersecurity (ENISA) mentions that in 2016, a massive Distributed Denial-of-Service (DDoS) attack originated from a compromised IoT system. IoT systems are an attractive target for malicious users for several reasons, including:
- Prevalence: as the number of IoT devices in the world rises, here is bound to be a particular subclass of them that are vulnerable to exploits.
- Exploitability: Vulnerabilities in IoT systems are only now coming to light.
- Lack of Support: Many of the more recognizable names in IoT manufacture have begun pushing regular firmware updates to their devices to increase security. However, there are still a lot of companies that aren’t.
There are ways around these problems, such as building device security into the deployment process or turning off unused services on individual devices. Developing secure update procedures and running regular checks on firmware are also viable measures to shore up IoT security. Ensuring devices that don’t need to communicate with the network are isolated also helps to limit exposure. These measures are useful to an extent. As with all things in technology, there’s no simple fix. Security has always been an arms race, and IoT devices represent the newest front in the ongoing war against malicious users. Executives considering rolling out IoT deployments would do well to consult their tech leaders before doing so, to avoid opening the floodgates to digital intruders.