There is no doubt about it, the Internet of Things (IoT) has made life better. I’m not just talking about the fact that I can be connected 24/7 through my laptop, tablet or phone. The rapid expansion of devices that are connected to the internet and weaved into our everyday life is remarkable. For example, this morning I woke up and didn’t have to get out of bed before Alexa told me today’s weather and top stories and my iPhone gave me a traffic alert that it would take longer than usual to get to my 8AM meeting. We’ll save the conversation on how this is also making me lazier for another day but I think we can all agree that our lives are enhanced because of these devices.
It’s not just our personal lives that are improved by these devices, companies are finding that being connected to the Internet of Things is also becoming a competitive advantage in the market. While employees find it easier to be connected to their job, it is also easier for organizations to keep in touch with their multiple locations, manufacturing plants, and distribution centers.
However, as with every great benefit in life, there are also risks. While you may not think about the risk of your smart TV telling Hulu about all of the 1980’s throwback TV shows you watch, there are serious risks when it comes to the IoT. In today’s blog, I want to talk to you first about some of the awesome benefits of the IoT but I also want to caution you against the risks and give you a few tips and tricks on how you can mitigate them.
1. Better Analysis Because You Have More Data Than Ever Before
With multiple devices connected to the internet, you are able to bring together manufacturing-related data (and many other forms) that will help with reporting, analysis, visual summaries and being able to pass data from the corporate level to the branch level in order to increase efficiencies.
2. Maximize Efficiency
Here I am going to talk about one of my favorite parts of the IoT – tracking my package. Think about it- before you would, maybe, get a window of time on when your package was supposed to arrive and now I get a text for every step it makes from leaving the warehouse to arriving at my front door. Again, selfish reasoning but even back in 2014, Frederico Guerrini wrote in Forbes about how this technology would transform the postal service. The IoT can make USPS more efficient, I don’t know of a better case study than that.
3. Decreased Cost
Let’s be honest, it usually comes down to budget. When you take advantage of the connectivity of your solutions you can monitor on a real time basis and cut on visits between locations. If you are in healthcare, this can cut down on doctor’s rounds by giving real-time patient updates. If you are in financial services, you can get real-time readings from each bank branch.
1. Big Data On Steroids
I realize this is directly in contradiction from the #1 point above but let’s be honest, more data can lead to more problems. The IoT means that you have more devices and more data than ever before and while that can be great for analysis and for figuring out new efficiencies, it can also lead to a list of vulnerabilities and alerts so large that you don’t know where to begin. How do you fix this? You need a vulnerability management and a threat-detection solution. Why? Because there is just no way that you, or any human, can go through all of this information and decide what is most important. With so much data from so many devices in the IoT, you need a vulnerability management solution and a threat detection solution. One to prioritize the vulnerability risks so that you can manage down the threat surface and one to monitor your devices to tell you if, and when, you've been compromised by a bad actor. However, just like there are thousands of vulnerabilities in your organization, there are thousands of alerts that can come with a threat detection solution. Make sure you have a solution that will only give you verified alerts rather than wasting time on alerts that aren’t real.
2. The Threat of Unknown Networks
With the convenience of 24/7 access comes the unknown factor of just where that 24/7 access is taking place. Are you in the office? Are you at home but also on your VPN network? Then you’ve clearly been listening to your security team. But if you happen to be on a plane on a coast to coast trip with Wi-Fi that won’t let you connect to VPN but you also really need to get that proposal done before you land…. You could be in trouble. That is just one example but I’m sure you can think of plenty more, especially if you have remote employees or multiple locations. These devices are connecting to these unknown networks and then coming back home to your safe, protected network with malware and other vulnerabilities and you must be able to catch them. Again, here a threat detection solution will monitor anything and every device that is connected to your network so that you can be sure, anything that is connected will be monitored and you will be alerted if there are any compromised devices immediately.
3. Admin Passwords
If you are a DevOps person, this may be the time to stop reading. I love developers but, let’s be honest, they are not usually too concerned about security. They expect you, your SecOps or your IT security team to take care of that. Therefore, you are left with administrative passwords like “admin” or “1234” which are easy for them to remember but also for every bad actor to guess. Again, the convenience of devices doesn’t always mean it’s convenient for you. Make sure that you are checking, changing, and enforcing password resets on all of your IoT devices.
Just as with most things in life, there are benefits and threats against introducing the Internet of Things to your company. What only you and your team can decide is if the benefits outweigh the risks. When it comes to cyber-security, there are always risks and we all know that it is not “if” someone can get in but “when” they get in. If you decide to take the risk and invest in the IoT for your company, make sure that you not only heed the threats listed above but also have a vulnerability management solution to help you prioritize the threats before they get in and a solution that will monitor all of your connected IoT devices to give you verified alerts when there is a threat to your organization.