Why IoT security should keep you up at night

Recent data shows that although cloud computing security is still a priority, IoT security is not

Internet of things (IoT)-based attacks are now a part of corporate life. A recent Gartner survey found that nearly 20 percent of organizations observed at least one IoT-based attack in the past three years.

“But wait,” you might say, “we’ll just do better at locking things up, right?” Wrong.

To protect against those threats, Gartner forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion. But that is not going to be enough, considering the number of IoT-enabled devices that are in use now and will be in use, and their ability to make attached cloud systems much less secure as well.

Despite the steady year-over-year growth in worldwide spending, Gartner predicts that through 2020 the biggest inhibitor to growth for IoT security will come from a lack of prioritization and implementation. This means that companies using IoT won’t follow security best practices or use the right tools in IoT planning. This will hamper the potential spend on IoT security by 80 percent, which means that hackers will go after these connected devices like they would a bank vault with a screen door.

The fact of the matter is that to keep things secure (your cloud-based systems, traditional on-premises systems, and now IoT devices), everything that is interconnected must be secure. Security is like the links of a chain: It’s only as strong as the weakest link. This weakest link is now typically a robot on the factory floor, the thermostat on the wall, or even the fitness-tracking watch you’re probably wearing right now.

Cloud computing security is holistic, meaning it needs to be systemic to all cloud-based platforms and workloads—including any systems connected to those workloads, and any devices connected to the cloud. This means you need to think through IoT security before implementing devices in your company.

For many, this will mean not allowing devices on your network until they have passed security and security operations (secops) testing. This means they must exist in an identity and access management (IAM) system, have their data encrypted, and have other controls applied to lock the door, based on what the device does.

This issue keeps me up at night. There are just too many IoT vulnerabilities that may be exploited now, and far too few in IT actually see this as a problem. As an old boss once told me: “Keep us out of the news.”