Request Demo

Digital Risk Management

The Next Wave Of Innovation For The Internet of Things Is Security

down-arrow

 

 The internet of things (IoT) is a force transforming the modern enterprise. Anything from robotics in warehouses to smart manufacturing to data center monitoring, the enterprise IoT is forcing almost every aspect of a business to rethink their processes as this technology augments the abilities of the organization. IoT devices are hitting the market at a staggering rate - having exceeded the world’s population, it is expected that there will be over 20 billion connected devices by 2020 (Gartner).

 

“A common theme in cyberattacks today is that many are driven by a lack of security awareness, and this is accentuated with IoT security,” said Kevin Simzer, chief operating officer for Trend Micro in a press release.

In a survey carried out by Vanson Bourne, 1,150 IT and security decision makers across the US, UK, France, Germany and Japan recognized that the security teams lack an awareness of cybersecurity needs in relation to internet of things projects. 

New technology, new risk

The rise of this transformative technology and new ways to interact with the world brings a host of new risks of attack. The rapid release of more and more new connected devices to market with little regard for the security of those devices once they’re in the wild has left organizations and consumers alike open to a host of new threats.

With the topics of security and privacy entering the zeitgeist with the Facebook and Google breaches and the rise of legislation like GDPR, IoT security is soon to emerge from the peripheral as a product differentiator in the market.

Research by Bain & Company finds that enterprise customers would buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might otherwise buy. What’s more, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security.

While governing bodies like NIST and ENISA are actively working on standards to secure the IoT, we are still a ways off from security being an IoT industry standard.

"Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices"  

- Dr. Greg Falco, Research Scientist, MIT Sloan and MIT CSAIL*

Many of the challenges these organizations face is how to secure legacy devices that are already in the wild. In the interim, device manufacturers will continue to produce devices with varying amounts of security.

What the Bain study shows us is that security is no longer a nice-to-have feature. As IoT devices become more integrated to critical aspects of our daily lives, the security of those devices becomes non-negotiable.

More questions than answers

How can a business use security as a selling point without raising its profile?

To date, many CISOs shy away from sharing too much about their security program as it would raise their profile and potential for attack. However, if customers are willing to pay an average of 22% more based on the security program, is the opportunity worth the risk?

Where will we see security as a critical feature?

Hospitals are one of the biggest consumers of enterprise IoT. With the FDA actively working to develop medical device cybersecurity practices, we assume that the medical device and biotech industries will be the first to see IoT security as a selling point and potential price driver.

The next wave of innovation will be in security

While there may be more questions than answers about the future of IoT security, what we do know is the next wave of innovation in IoT will be around security. As risk management becomes a core business function and security becomes a focal point in the buying process, device manufacturers will be faced with the choice to integrate better security into their products or lose business.

* "IIoT Cybersecurity Risk Modeling for SCADA Systems" , Faclco Greg et al, IEEE Internet of Things Journal , to appear 2019

You may also like

Reading Between the Lines of NIST ...
on July 9, 2019

On June 19th, the National Institute of Standards and Technology (NIST) released the much anticipated Rev 2 of SP 800-171 and the working draft of supplement SP 800-171B. As the ...

How We're Making DFARS Compliance ...
on July 2, 2019

With the Department of Defense (DoD) making DFARS compliance a requirement for all contractors doing business with the DoD, a great amount of stress has been put on DoD ...

What to Expect from the Security ...
on June 26, 2019

Digital Society is Real, and Security and Risk Management Solutions Must Embrace Digital to be Successful Digital Society: “The collection of people and things that are engaged in ...

Alison Furneaux
Integrating GRC: Compliance, ...
on June 25, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

George Wrenn
Integrating GRC: Risk, ...
on June 19, 2019

In our Integrating Governance Risk and Compliance series, CyberSaint leadership explores the process through which cybersecurity leaders can reconfigure their organizations to ...

Padraic O'Reilly
CyberSaint at Gartner Security and ...
on June 13, 2019

Next week, forward-thinking security and risk leaders will congregate in National Harbor for Gartner’s annual Security and Risk Management Summit. As the preeminent voice in the ...