As the IoT moves toward the core of digital business, the integration of security domains — IT, OT and consumer technologies — will likely introduce game-changing hazards. These potential risks include disruption in the information flow among connected devices, physical interference with equipment, impacts on business operations, theft of sensitive information, compromise of personal data, damage to critical infrastructure — and even loss of human life.
Beyond security, many privacy issues surround IoT implementation, particularly related to the collection, storage and use of data flows of information acquired through the use of these devices. When the collection and use of IoT data includes personal information — or if the information collected can be used to paint a detailed picture of an individual’s activities — businesses must then consider the privacy risks associated with processing this data.
Indeed, as Internet-connected devices proliferate — ranging from smartphones to fitness trackers to cars and manufacturing floors — IoT security and privacy have become a new business priority.
Yet many companies are starting to take action on both the IoT security and privacy fronts. These companies are planning to fund initiatives such as the development of new data-governance policies, device and system interconnectivity and vulnerability, employee training and uniform cybersecurity standards and policies.
Organizations will need to develop procedures to build in cybersecurity and privacy from the outset when designing new software and devices. Already, some businesses are reconsidering their software-development strategy for connected devices, with an emphasis on more flexible cybersecurity capabilities.
It seems all but certain that the IoT will be this decade’s great disruptor. This interconnected platform promises to generate expansive economic growth by transforming business models and unleashing innovative products and services that will make consumers’ lives easier and safer.
It’s good news that organizations are beginning to address cybersecurity and privacy for converged technologies, but much remains to be done. Those that take proactive steps to implement an integrated IoT cybersecurity and privacy program will be better prepared to manage inevitable future risks and create new products and services that can transform business models. This new report in our Global State of Information Security Survey® looks at how organizations are taking steps to secure the IoT and prepare for future opportunities.
"As the Internet of Things rapidly expands, it is introducing new risks that are not well understood and could have sweeping implications. The management of risks to cybersecurity and privacy must not be an afterthought in development and adoption of connected devices — it needs to be a greater priority."