IoT and Cybersecurity: Safeguarding the Future of Technology

March 5, 2024

The Internet of Things (IoT) represents a shift from the traditional internet by operating without human intervention, with estimates predicting the market for IoT suppliers will reach $500 billion by 2030. Through sensors, IoT devices collect, analyse, and act on data, opening new avenues for technology, media, and telecommunications industries to innovate and provide value. This could range from launching new business models to enhancing consumer experiences. However, this connectivity and automation introduce heightened cybersecurity risks. The IoT involves extensive data sharing, including sensitive information, across numerous devices, significantly amplifying potential security threats.

Consider a smart home system as an example. A garage door opener that disables the home alarm system upon entry might offer convenience but also presents a risk if compromised, potentially leaving the entire home vulnerable. The variety of connected devices such as TVs, thermostats, and security systems expands potential entry points for cyberattacks, endangering both consumer privacy and corporate data.

As technology, media, and telecom companies navigate these challenges, several key insights emerge:

• Adopting an integrated risk management approach is crucial.
• Balancing cyber risk management with innovation is essential.
• The lack of global risk standards should not deter action.
• While retrofitting older systems can mitigate risks, it may also introduce new vulnerabilities.
• Employing loosely coupled systems offers immediate security benefits without the need for a complete system overhaul.

Adopting a Unified Approach to Cyber Risk is Essential

In numerous large-scale enterprises, cyber risk management strategies can vary significantly across different regions, products, or divisions. This fragmented method has been sufficient for some, allowing various sections of an organisation to address cyber threats in a manner best suited to their specific needs. However, the rise of the Internet of Things (IoT) is challenging leaders in the technology, media, and telecommunications sectors to rethink this segmented strategy due to the interconnected nature of IoT systems. These connections often extend across the enterprise in ways that were not anticipated, complicating the task of securing IoT environments. The complexity is further exacerbated by the vast amount of data generated and collected, much of which is controlled or accessed by external parties.

Consequently, many executives are now advocating for a comprehensive cyber risk framework that elevates cybersecurity standards uniformly across the organisation. This holistic approach encompasses the entire lifecycle of a cyber threat, from prevention and detection to response and recovery. It involves proactive measures to thwart IoT-specific cyber threats before they manifest, ongoing surveillance to manage existing threats, and rapid recovery strategies to resume normal operations following an attack. This shift towards an overarching cyber risk philosophy underscores the importance of a consolidated response to cybersecurity in the age of IoT.

Balancing Cyber Risk Management with Innovation

The advent of the Internet of Things (IoT) brings the promise of generating unprecedented value through the accumulation of data. Nowadays, new business models thrive on the premise of close cooperation among organisations, with data acting as the critical link. This scenario encourages significant investment in customer analytics to unearth new opportunities for customer value. Such collaborations leverage a wide array of data types, from traditional device and system information to more unconventional data like facial recognition, access controls, and industrial system data. This dive into diverse data types often ventures into unexplored territories where data governance struggles to keep up.

Managing data governance effectively in this context is a delicate balancing act. Overly stringent controls may stifle the innovation essential for growth, while too lax an oversight exposes organisations to cyber threats. Studies have shown that more than 10% annual growth in the number of interconnected IoT devices leads to higher vulnerability from cyberattacks, data breaches, and mistrust. This is why Innovation and cyber risk management must progress hand in hand, without one being overshadowed by the other. Progressive leaders in the fields of technology, media, and telecommunications are finding equilibrium by fostering communication among business leaders both internally and externally to set a “baseline of normal.” This strategy involves defining what typical data activity looks like so that deviations can be swiftly identified and addressed, ensuring both innovation and security move forward together.

Lack of Global Standards Is No Barrier to Action

The Internet of Things (IoT) spans both public and private sectors, creating a shared ecosystem without universal regulatory oversight. Despite the absence of global standards, strategic and collaborative operations among IoT partners can generate significant consumer value. However, this collaborative approach to security and governance is not foolproof without formalised standards, as security breaches can happen anywhere within the ecosystem, jeopardising the collective approach to risk management. Although industry-wide standards are anticipated, they are likely several years away. In the interim, as the IoT expands rapidly, business and technology leaders are compelled to forge and adopt their own cyber risk protocols in the absence of formal guidelines.

Industries have started to coalesce into various consortia, with those in technology, media, and telecommunications poised to spearhead the development of these standards. One of the critical challenges is achieving interoperability among diverse, isolated solutions, a goal that demands greater cooperation across the IoT ecosystem. Currently, the IoT’s vast potential is hampered by data being produced in incompatible formats and devices connecting through different networks and protocols. The absence of standardised operations for IoT devices presents significant hurdles to interoperability, yet overcoming these challenges also unlocks tremendous business value from the IoT landscape.

Retrofitting Legacy Systems: A Double-Edged Sword

In the realms of technology, media, and telecommunications, there’s a growing trend towards integrating IoT functionalities into pre-existing infrastructures or collaborating with customers and partners aiming to do so. These legacy systems, previously isolated, now face increased vulnerability to cyberattacks due to their newfound connectivity. Does this vulnerability render retrofitting a non-viable option? Not exactly. Considering the substantial investment required for new technologies—which may themselves become outdated swiftly—retrofitting emerges as a potentially more viable solution.

However, retrofitting is not without its unique set of challenges. For instance, the proliferation of connection points within the IoT ecosystem renders traditional, simplistic security measures, such as shared accounts and passwords, inadequate. In certain scenarios, devices or components specifically designed for IoT applications may offer a more secure alternative. Recognising and accurately evaluating the risks associated with retrofitting are essential for effectively navigating and mitigating these concerns.

Implementing Loosely Coupled Systems as an Interim Solution

Leaders aware of the comprehensive security features required to address IoT-related cyber risks recognise the impracticality of immediate, full-scale implementation. However, they can start applying the principles of such systems today by adopting loosely coupled systems. This approach minimises risk by ensuring that a failure in one device does not precipitate a system-wide breakdown. Effective IoT solutions should integrate tailored operational functionalities with stratified cyber risk management strategies, allowing for enhanced security without the need for complete system overhauls.

Avery Fairbank Talent Insights

The IoT talent pool is exploding, with a 34% increase in professionals globally compared to one year ago. Among this talent, some of the most common skills include Python, software development and engineering. The fastest growing skills on the other hand include computer science, analytical skills and troubleshooting. Software Engineer is the most common role for IoT talent, accounting for 5% of the total global IoT talent pool.

Published on 05-03-2024