It’s getting harder to remember a time before the internet, and with continuous advances in technology, particularly in the realm of the Internet of Things (IoT), people’s lives are becoming more connected, easier and better. Thanks to IoT, we’re becoming healthier by competing with our friends to reach 10,000 steps each day. We have greater peace of mind knowing that we can monitor activities at our homes with the click of a button.
But, because IoT is so wide-ranging and pervasive, the risk of a cybersecurity breach increases with each newly connected device, and the risks extend well beyond individual users. Businesses and governments face an extreme risk from IoT. For instance, an organization might have several systems—like heating, building security and environmental sensors—connected to the internet to maximize efficiencies through data sharing and automation. These systems are all linked to the internet and to each other, raising the number of ways hackers can infiltrate the system, given the complexity of establishing proper security.
Attacks in recent years on connected systems highlight flaws in security and show the breadth of these attacks. In 2015, the Western Ukraine electrical grid was attacked, leaving almost 250,000 people without power for six hours. And in 2016, the widely reported Mirai malware incidents left the internet inaccessible for much of the eastern half of the U.S. when the malware took control of vulnerable IoT devices to launch large-scale network attacks.
The IoT market is growing quickly, with the number of connected devices expected to surge to 20.4 billion by 2020. With such a fast-growing market, there are many more questions that must be addressed for each new IoT-ready device, including:
- How is the software securely updated?
- Are users and potential users educated about the importance of basic security awareness, such as changing default passwords?
- Which data encryption standards does the device use?
- How are users authenticated, and how is access to the device controlled?
To help address these questions and inspire trust among stakeholders, the IoT market needs widely accepted best practices and standards. It’s particularly important to ensure the security of the data when it’s collected, shared and processed, as well as to control access to the devices themselves. While manufacturers will vary in their approach to security, by following standards like ISO/IEC 27001, they can assure the wider market that appropriate safeguards and controls were followed in the product design process.
Looking ahead, standards will be central to how individuals and organizations prepare for and mitigate IoT security risks. The global nature of IoT’s growth demands a collaborative and international approach to the development and maintenance of security standards, which will ensure we can all reach 10,000 steps without giving data security a second thought.
Written by Tim McGarr, Market Development Manager at BSI Group