The Internet of Things delivers new ways to create and capture business value, but also creates some frightening new vulnerabilities that organizations must take specific actions to address.
The rapidly expanding Internet of Things (IoT) is poised to generate huge volumes of data and deliver valuable business insights. But it also introduces substantial new risk.
A defining element of the Internet of Things (IoT) is that objects are not merely smart—equipped with sensors and processing power—but also connected: able to share the information they generate. More data, and more sensitive data, accessible across a broad network of interconnected stakeholders could pose significant dangers if compromised. As the World Economic Forum reported in March, “Hacking the location data on a car is merely an invasion of privacy, whereas hacking the control system of a car would be a threat to a life.” The rise of IoT requires enterprises to put in place systems to protect this new source of information-based value.
Organizations need to be Secure.Vigilant.Resilient.™ in order to effectively manage their enterprise cyber risks, and this paradigm also applies to IoT. By adopting a Secure.Vigilant.Resilient. approach, companies may address proliferating vulnerabilities and the rising sophistication of cyber attacks. This three-pronged, risk-based approach aims to focus organizations on their most important assets and on investing in cost-justified security controls designed to protect them. It also emphasizes, in equal measure, the need to gain greater visibility into threats and to improve coordination of response efforts to reduce the impact of a cyber attack.
New Vulnerabilities with IoT
In some ways, securing IoT is not that different from securing other enterprise systems. Many companies already grapple with vulnerability management, authentication and authorization, and much more. But other IoT risks are entirely novel.
Sensor-related risk. IoT devices are susceptible to counterfeiting (fake products embedded with malware or malicious code); data exfiltration (extracting sensitive data from a device via hacking); identity spoofing (an unauthorized source gaining access to a device using the correct credentials); and malicious modification of components (replacement of components with parts modified to generate incorrect results or allow unauthorized access).
Source: Wall Street Journal