IoT security: where are your weak spots?


The Internet of Things (IoT) can improve your efficiencies and services. It can help you enter new markets and build new business models. But with these rewards comes risk—security risk.

According to the AT&T State of IoT Security survey, only 10 percent of organizations are “fully confident” in their IoT security. And only 12 percent are “highly confident” about their business partners’ IoT security.

To satisfy your management, you need to be able to explain the threats—and what you’re doing to overcome them.

Where are the risks?

We can now connect vehicles, shop-floor equipment, and so much more. But most devices were not built with the internet or security in mind. Every device could be an open door for hackers to enter your network.

Over the past two years, AT&T has seen a 458 percent increase in scanning IoT devices for weakness.

Many companies don’t even monitor IoT devices. Nearly half of the companies in the AT&T survey said they are only guessing about the number of IoT devices on their network. Just 38 percent use software to identify connected devices. And only 14 percent have had an IoT audit.

Any data breach can damage your market position and share price.

But it gets worse when your IoT system carries any risk to human safety. IoT devices already control production lines, supply chains, and utilities, not to mention airplanes and cars. IoT sensors record performance data to plan maintenance and solve problems. Other sensors provide navigation support and infotainment.

How to respond

This level of risk means that security must be the basis of every IoT project, not an add-on. Here are two things you need to do to help protect your business:

1. The management must make sure the IoT development team has the right security expertise. You have to build security into the IoT devices and their connecting networks from the very start. This means multiple layers of security controls, including encryption. It also means separating systems from one another.

With connected cars, you could isolate critical safety systems and engine control units so there isn’t access through infotainment and communication systems.

2. The management must see to it that that the firm’s IT security policies and systems take IoT into account. For example, you’ll need to patch software on time and fix security breaches as they occur.

This security strategy will need to cover the entire IoT ecosystem. This includes your devices, data, and applications, and those of your partners and customers. In a factory where IoT devices monitor and control machinery, this will require strict controls.

Consistent procedures and clear lines of responsibility will help you avoid problems. But attacks are inevitable.

Safeguard yourself. And when you involve your board and execs in IoT security, you’re more likely to be successful.

Sandy Verma Senior Director of Asia Pacific for Internet of Things Solutions AT&T About Sandy