Thieves are lazy, they break in where it’s easy
If you were a professional thief you would probably avoid breaking into houses that have security systems or intimidating dogs. The same goes for hackers. They prowl the net using robots, trying to find weaknesses in systems that they can use.
Sometimes they may be after specific information about your company. Something they can use. Financial information that can influence the stock market. Health information from a hospital can be used to extort the hospital or a specific patient. Accessing the software in a car to take over the control of the steering or the breaks. And hacking a nuclear power plant to….well, you get the idea.
“The objective here is not to get data, but to steal processing power from a wide range of small connected items.”
The way forward – what to do?
IT security used to be the natural responsibility of the IT department, but when IoT entered the scene things changed. It became hazy who was responsible since IoT often are incited by other divisions. To define ownership of the IoT security in an organisation is therefore vital. Secondly you need to assess your risk areas are and what needs to be protected. Then you need to evaluate your internal competence and how much you are capable of handling yourselves. Firewalls, routines to prevent and detect intrusions etc. And if you still need an external partner to make your company safer, find one that can answer how they handle their own safety. Are they certified, how have they developed routines for themselves and how often do they do follow ups to maintain a high level of security?
- Define ownership of the IoT security
- Assess your risk areas, what needs to be protected?
- Do you have the knowledge in house?
- Chose a partner that has a good answer on how they handle their own safety
Is there such a thing as 100% security?
If someone claims that they have a solution that is foolproof, they don’t know what they are talking about. Creating and maintaining a high level of security is a work in constant progress. Rarely is it about spectacular crypto algorithms and complicated systems. For most it is better to use the technology that you already have and implement a security standard that is so user friendly that your employees actually follow it. What many companies have learned the hard way, is that most security breaches or virus infections are a result of human negligence. So security issues shouldn’t stop you from developing new IoT solutions, but you need to make sure that you develop security routines simultaneously.