The mainstream adoption of the Internet of Things (IoT) is on track to develop exponentially[1]. Across all sectors, businesses are set to embrace IoT through connected devices of all calibres from remote working using personal devices to industrial controls streamlining manufacturing, in the strive to improve efficiency, quality and customer experience. However, while there are likely many benefits of IoT adoption, it will undoubtedly bring issues of security to the forefront.
There have been a multitude of security breaches relating to network connected devices, fuelling fears and keeping IT managers, CTOs and CISOs awake at night – from the hacking of baby monitors to remotely hijacked cars. The Nissan Leaf hack in 2015[2] uncovered how any connection to a company’s server – whether it is through a mobile app or third party vendor’s network – opens up the possibility for cyber criminals to enter. The detrimental impact and cost of these breaches has comparatively increased in line with these developments, costing the UK Government an estimated 27bn a year[3] in 2015.
However, the real issue with this threat that continues to impact businesses large or small, is understanding who has the ability to access the corporate network, and what devices or level of access they have been given.
This requirement for access to a network has increased significantly with the adoption of IoT. From a CEO using their tablet to access files from home, to a cleaner with a smartphone accessing the company’s wireless network to listen to music. The increased number of devices trying to connect to a network means that businesses have to prioritise and control user access to ensure they have the adequate security measures in place.
A recent European research study, conducted by Bomgar investigated vendor vulnerability[4], finding that 74% of IT leaders are concerned about breaches originating from connected devices over the next year. With the steam train that is IoT adoption not slowing down at any perceived rate, the significance of truly understanding “access” is paramount. When it comes to monitoring and controlling this when integrating any connected device or system within a business, businesses need to implement Privileged Access Management (PAM) solutions.
PAM will help to render the machine to machine connectivity issue that comes with the IoT void. If a device is not recognised, it will not be allowed to access the network let alone the system or any information. In the case of a breach or unauthorised access, it will become much easier to identify in real-time and lock systems down, ensuring the vulnerable user and corrupted device are isolated.
Comprehensive management of devices are set to be the lynchpin that holds enterprise IoT security measures together. Ensuring that all devices have updated security software and are registered against users with associated levels of access will be major considerations for all businesses.
It is clear that UK businesses will need to start future proofing their security posture as IoT adoption continues to progress both in corporate and mainstream life. The potential for unwanted users or cyber criminals to infiltrate large, and once thought secure, institutions will become more frequent, if not acted upon. The tenacity, speed of attack and severity of potential threats will be determined on access vulnerabilities of the institutions network. Coupled with the fact that cybercriminals are continuing to become more tenacious and creative in their efforts as well as having time on their side, organisations need to incorporate elements access containment and management within their wider security strategies.
Selecting the right solution that provides the management and security capabilities to support IoT strategies will become crucial to IoT adoption success.
[1] http://www.gartner.com/newsroom/id/3236718
[2] http://uk.businessinsider.com/nissan-leaf-hack-app-flaw-2016-2
[3] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60943/the-cost-of-cyber-crime-full-report.pdf
[4] https://www.bomgar.com/vendorvulnerability