Request Demo

Digital Risk Management

The Next Wave Of Innovation For The Internet of Things Is Security

down-arrow

 

 The internet of things (IoT) is a force transforming the modern enterprise. Anything from robotics in warehouses to smart manufacturing to data center monitoring, the enterprise IoT is forcing almost every aspect of a business to rethink their processes as this technology augments the abilities of the organization. IoT devices are hitting the market at a staggering rate - having exceeded the world’s population, it is expected that there will be over 20 billion connected devices by 2020 (Gartner).

 

“A common theme in cyberattacks today is that many are driven by a lack of security awareness, and this is accentuated with IoT security,” said Kevin Simzer, chief operating officer for Trend Micro in a press release.

In a survey carried out by Vanson Bourne, 1,150 IT and security decision makers across the US, UK, France, Germany and Japan recognized that the security teams lack an awareness of cybersecurity needs in relation to internet of things projects. 

New technology, new risk

The rise of this transformative technology and new ways to interact with the world brings a host of new risks of attack. The rapid release of more and more new connected devices to market with little regard for the security of those devices once they’re in the wild has left organizations and consumers alike open to a host of new threats.

With the topics of security and privacy entering the zeitgeist with the Facebook and Google breaches and the rise of legislation like GDPR, IoT security is soon to emerge from the peripheral as a product differentiator in the market.

Research by Bain & Company finds that enterprise customers would buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might otherwise buy. What’s more, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security.

While governing bodies like NIST and ENISA are actively working on standards to secure the IoT, we are still a ways off from security being an IoT industry standard.

"Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices"  

- Dr. Greg Falco, Research Scientist, MIT Sloan and MIT CSAIL*

Many of the challenges these organizations face is how to secure legacy devices that are already in the wild. In the interim, device manufacturers will continue to produce devices with varying amounts of security.

What the Bain study shows us is that security is no longer a nice-to-have feature. As IoT devices become more integrated to critical aspects of our daily lives, the security of those devices becomes non-negotiable.

More questions than answers

How can a business use security as a selling point without raising its profile?

To date, many CISOs shy away from sharing too much about their security program as it would raise their profile and potential for attack. However, if customers are willing to pay an average of 22% more based on the security program, is the opportunity worth the risk?

Where will we see security as a critical feature?

Hospitals are one of the biggest consumers of enterprise IoT. With the FDA actively working to develop medical device cybersecurity practices, we assume that the medical device and biotech industries will be the first to see IoT security as a selling point and potential price driver.

The next wave of innovation will be in security

While there may be more questions than answers about the future of IoT security, what we do know is the next wave of innovation in IoT will be around security. As risk management becomes a core business function and security becomes a focal point in the buying process, device manufacturers will be faced with the choice to integrate better security into their products or lose business.

* "IIoT Cybersecurity Risk Modeling for SCADA Systems" , Faclco Greg et al, IEEE Internet of Things Journal , to appear 2019

You may also like

The Cybersecurity Skills Gap: The ...
on February 7, 2019

The cybersecurity skills gap is nothing new to the seasoned cyber professional. It has been widely discussed in cyber and information security circles for some time. The main flag ...

George Wrenn
The Post-Digitization CISO
on February 5, 2019

Information leaders in digital businesses, whether focusing on optimization or a full transformation, are inherently altering their position among the executive leadership. As ...

Integrated Risk Management and ...
on January 31, 2019

With technology permeating every aspect of a business, one begins to wonder what technology is reserved for digital risk management rather than the other facets of integrated risk ...

Department of Defense Launches ...
on January 29, 2019

The Defense Federal Acquisition Regulation Supplement (DFARS) mandate, specifically Clause 252.204-7012 requiring all members of the Department of Defense’s supply chain to comply ...

Digital Risk Management Frameworks
on January 24, 2019

As organizations continue to embrace digitization, security teams are faced with the challenge of keeping the enterprise secure while empowering growth and innovation. Many CISO’s ...

The Cybersecurity Impact Of The ...
on January 23, 2019

There has been a great deal of speculation around the cybersecurity posture of the nation in light of the most recent (and longest documented) government shutdown. I’ve seen two ...

George Wrenn