The Internet of Things presents numerous opportunities, but according to one cybersecurity expert, equal focus must be placed on the risks that it introduces for both consumers and businesses.
“I think it’s important to focus on the opportunities [of IoT] and while I don’t want to say we should focus on the risk rather than the opportunity, I think the risk is sometimes dismissed or doesn’t have enough attention placed on it,” said Nick Savvides, Symantec’s manager of cyber security strategy in the Asia-Pacific and Japan region.
“I would rather see the risks discussed without any detraction from the opportunities because I really think that IoT has the opportunity to transform the way that we live, from a consumer’s perspective.”
Savvides told IoT Hub that there are a number of components to IoT that represent a risk, both from a consumer’s point of view, and that of business.
“From a consumer’s perspective, there are a couple of things I think are fraught with the biggest risk, and that is the loss of their data and the hijacking of devices,” he explained.
“Generally, IoT devices are used in home automation and vehicle automation, and also in a bunch of personal devices such as baby monitors, fitness trackers, and so on.
“They gather a lot of information about people and their families, so the two biggest risks really are the misuse of personal information and hijacking of devices to cause a malicious action.”
For businesses, Savvides sees the management of IoT ecosystems as representing the biggest risk.
“IoT devices generally do not have a management framework and uses technologies that exposes companies to greater risk because they can’t apply the same sort of security controls that would normally be applied to other technology infrastructure,” he said.
“For organisations, the management of IoT and being able to extend their security to those devices should really be a primary concern.”
Savvides also worries about the rapid abandonment of IoT technologies as new devices supersede older ones, and the support provided for older devices disappears more rapidly.
“You have vendors who are building technologies and then decide that their product isn’t suitable, so they ‘reinvent’ themselves, build new devices and software, and stop supporting their older models,” he said.
“You’re already seeing this happen, either through company acquisitions, or companies shutting down, and for a company like Symantec, the biggest worry is abandoned technology that no longer receives security updates.”
How do you manage IoT risk?
Savvides said that there are a number of strategies that consumers and businesses can employ to ensure the risks associated with IoT are addressed.
“The security hygiene that we take for granted in our corporate networks needs to be applied in all of these IoT environments,” he said.
“Other things that can be done aren’t very hard at all, like driver signing, the enforcement of firmware updates, traffic encryption – these are no longer complicated things to implement.”
The one concern that Savvides thinks will be more difficult to address is how to ensure an adequate level of security and maintain the interoperability required for IoT ecosystems to function.
“The maturity of IoT ecosystems will take a longer time to develop.”