The ‘Internet of Things’ (IoT) is a term that first flitted its way around the digital world about 20 years ago. It describes physical devices, vehicles and buildings that use electronics, software, sensors and network connectivity to collect and share data via the internet.
The vision of IoT has certainly gone through a radical evolution since the original idea of a network of smart devices was explored back in 1982. This was a modified vending machine in Carnegie Mellon University which was the very first appliance to use an internet connection, able to report its inventory and whether newly loaded drinks were cold.
Since then, IoT has snowballed to become one of the most talked about issues of the digital age. With new ground-breaking technologies constantly at our fingertips, we are more connected than ever before, with some estimates suggesting there will be 50 billion objects linked to the internet by 2020.
So, what does this mean for businesses and, above all, security in 2016?
In a recent study, cybersecurity specialist Webroot and data center organization IO explored just how real an issue IoT is for organizations and what kind of progress is being made in building it.
The study of 500 CEOs and senior decision makers revealed that UK businesses are really taking IoT seriously this year; with 87% of respondents saying they will be implementing IoT focused projects and strategies in 2016. It also appears that organizations are not looking to just jump on the fashionable IoT ‘bandwagon’ with 68% expecting to see real, tangible paybacks from their investments. This is a significant increase from the one in five who are currently reaping the benefits of their IoT outlay.
According to ‘IOT: Risk or Reward?’, more than half (54%) of UK businesses are also looking to employ a Chief IoT Officer this year, and this was most common across the education (63%), retail (63%) and telecomms (64%) industries.
So what is the driving force behind this push for IoT? Maria Hernandez, IoT lead at Cisco UK, argues that it is a result of what she refers to as the ‘fourth wave’ of the internet, which is something that affects business of all kinds.
“The first internet wave was about making information digital. Then we moved into making processes digital, particularly with e-commerce. The third wave was about making interactions digital with cloud, mobility social media and video. Now the fourth is about making everything digital – organizations, cities and even countries. We believe that this wave is going to have more impact than the previous three waves together.”
When it comes to implementing the steps that can bring IoT to life, 71% of businesses feel improving network infrastructure and capacity is the main priority this year, with almost a quarter admitting their current ICT set up is prohibiting them from successful IoT adoption.
Andrew Roughan, Business Development Director, IO believes successful IoT implementation depends on companies investing in their infrastructure for the long-term, avoiding quick wins.
“There are some initiatives that can drive change quickly and deliver some customer-facing and online benefits, but this is about more than that – it’s about defining the next era of the enterprise, beyond five or ten years. The infrastructure to support IoT needs some careful consideration, as typical enterprise-scale infrastructure investments won’t enable the IoT to scale economically”.
It all seems to be plain sailing then, right? Well, not quite.
As many as 80% of businesses view security as a looming barrier that is impeding innovation, but only a quarter (27%) are taking measures to resolve this. Instead, more than half (57%) admit it is likely that security in general will be compromised as companies go in search of quick IoT growth.
This is an area of real concern, especially when you consider just how much of an organization’s data would be accessible to a cyber-hacker if they were able to breach an IoT device.
Luis Corrons, PandaLabs Technical Director, Panda Security told Infosecurity it is vital that security is at the forefront of a company’s mind, closely watching all devices connected to their network and regularly carrying out safety measures like performing periodic updates and changing default passwords.
“The wrong thought that people have about IoT is that nobody is interested in compromising/hacking those devices. ‘Who cares about the information I have in my smartwatch?’ and similar questions go around, and most people tend to agree that most of those devices do not store critical/confidential information, and I agree that can be true in a number of cases. However, we have to take a look at the full picture; it is not about the device but about your network. That device is connected to your network, and therefore it becomes a point of entrance to it. Cyber-criminals are not interested in your printer, smartwatch, or camera by itself; they will use it as a means to get into your network.”
David Kennerley, EMEA Threat Research Manager, Webroot shares a similar view, stating that although IoT is not a new phenomenon, it’s gaining a lot of momentum; and so are the security risks that come with it.
“The biggest concern is that security is not being built in at the planning phase, it seems to be an afterthought.” he told Infosecurity.
“IoT manufacturers need to work with cybersecurity professionals. Many of the recently highlighted vulnerabilities in cars for example show the need for the manufactures to quickly learn many of the lessons already learnt by the wider tech community years ago.”
“Most importantly understand the limitations of the device/firmware. Is the data stored on the device encrypted? How is this encryption implemented? Does the device allow OTA updates, are these validated?”
“Standards are a must, device security will improve – at the same time, as security professionals we can also do our bit to reduce the attractive attack surface area associated with IoT.”