A recent survey of over 1000 buyers of IT across Europe and North America showed that 29% of companies have already embraced IoT, with an additional 19% planning to adopt IoT within their organisation over the next year. By the end of 2018, these figures suggest IoT will be adopted by nearly half of all businesses.
The benefits of IoT are already being seen in the home, with smart thermostats and smart speakers becoming commonplace over the last year.
Naturally, IoT brings infinite potential and possibilities for businesses, with everyday devices able to connect, monitor, and transfer large amount of data between each other.
However, in the rush to adopt this new technology, organisations need to carefully consider the new security risks posed by introducing IoT into the workplace.
When traditional computer hardware and software vulnerabilities arise, manufacturers such as Apple and Microsoft release security updates and patches to fix them.
However, unlike traditional IT infrastructure, IoT is made up of hardware and software from a huge number of different sources. In many cases, these manufacturers are prioritising bringing their device to market before a competitor does, which means security becomes an afterthought.
Additionally, continued support is not guaranteed. Will the manufacturer of the smart light bulbs installed across your sites release OS updates? How will your company manage checking for and installing updates across all of your smart light bulbs? If a vulnerability becomes known, and no patch is released, do you leave them in place, knowing there are now hundreds of potential entry points into your network? Or do you replace them all, negating any cost benefit from adopting an IoT solution in the first place?
This is a very basic example. As IoT continues to carve out its place in the business world, devices will become responsible for integral processes, such as inventory management, and quality control and assurance. It will be harder and costlier to replace or remove these devices once they are embedded.
Over the next few years, we can expect to see hackers actively exploiting companies utilising IoT. For cyber criminals, IoT has the potential to be a route to accessing the largest organisations in the world. Small and medium sized businesses providing services to global organisations are a prime target, and IoT will very likely be an entry point. Businesses of every size need to consider the security implications of IoT. This will become an even greater priority in light of the new EU General Data Protection Regulations (GDPR).
In the future we will likely see minimum standards and certifications for IoT devices, in order to provide consumers and businesses with greater confidence when buying. However, businesses will still need to adapt to new ways of managing digital security across their networks as previous policies and systems will no longer be enough.
If you’d like advice on digital security and IoT in your organisation, we’d be happy to help. Call us on 0844 586 0040 or email firstname.lastname@example.org.