Intelligent CISO Issue 01 | Page 49

A 2017 survey found that almost half of small businesses questioned would pay a ransom on IoT devices .

A

A recent survey shows 64 % of organisations have deployed some level of IoT technology and another 20 % plan to do so within the next 12 months . This means that by the end of 2018 , five out of six organisations will be using at least a minimal level of IoT technology within their businesses .
This is an astonishing fact when you consider the lack of basic security on these devices or any established security standards .
The influx of connected devices on to a company ’ s network literally creates tens , or even hundreds , of new unsecured entry points for cybercriminals . But many companies are turning a blind eye to this , swayed by the potential benefits that IoT can bring to their business .
So here are some facts for consideration , before taking the leap into IoT , including a look at the short and medium-term consequences of deploying a wave of unsecured devices to your network .
IoT : a cybercriminal ’ s dream
Any device or sensor with an IP address connected to a corporate network is an entry point for hackers and other cybercriminals ; it ’ s the equivalent of an organisation leaving its front door wide open for thieves .
Managing endpoints within an organisation is already a challenge ; a 2017 survey showed 63 % of IT service providers have seen a 50 % increase in the number of endpoints they ’ re managing , compared to the previous year .
IoT will usher in a raft of new networkconnected devices that threaten to overwhelm the IT department charged with securing them , a thankless task considering the lack of basic safeguards in place on the devices .
Of particular concern is that many IoT devices are not designed to be secured or updated after deployment . This means that any vulnerabilities discovered postdeployment cannot be protected against in the device itself and corrupted devices
FEATURE
cannot be cleansed . In an environment with hundreds or thousands of insecure or corrupted devices , this can raise huge operational and security challenges .
IT or OT
IT professionals are more used to securing PCs , laptops and other devices , but they will now be expected to become experts in smart lighting , heating and air conditioning systems , not to mention security cameras and integrated facilities management systems .
A lack of experience in managing this Operating Technology ( OT ), rather than IT , should be a cause of concern . It is seen as operational rather than strategic and deployment and management are often shifted well away from board awareness and oversight .
And that ’ s barely touching the visible surface . Machine-to-machine ( M2M ) technology is already transforming and will continue to transform businesses .

A 2017 survey found that almost half of small businesses questioned would pay a ransom on IoT devices .

Many AI applications depend on IoT ; for example , transportation and logistics are being changed by it . These developments can and will impact most organisations . Nevertheless , the majority of organisations are deploying IoT technology with not only a lack of strategic direction , but with minimal regard to the risk profile or the tactical requirements needed to secure them against unforeseen consequences . These include not just security requirements but also business continuity challenges . www . intelligentciso . com | Issue 01
49