Things that were nearly unheard of just a few years ago, such as tracking wellness on your watch or phone, a refrigerator that orders your groceries for you, payment from your phone with biometrics and even a mobile driver’s license, are all now reality.
Pros and cons
Building cybersecurity into connected products is a critical component needed to unlock the vast potential of IoT innovation. If done well, it empowers companies to successfully implement their business strategy, mitigate risks, protect their brand reputation, create product differentiation and establish market leadership.
According to Gartner, 20.4 billion connected “things” will be in use by 2020. However, while manufacturers are eager to go to market with IoT products, building security measures into these devices often remains an afterthought. Interconnected technology is inherently linked with cyber threats used by attackers who manipulate software vulnerabilities and weak links in connected ecosystems.
As these threats continue to rise, companies must build cybersecurity into their organization, processes and product-development lifecycle (including updates and end-of-life management). Otherwise, they risk being bypassed by competitors or, worse, may find themselves at the center of the next breach.
Whether companies choose to become early or late adopters for IoT, the new risks that threaten safety are expanding. Balancing those risks with innovation is the new science that must be applied.
How to adapt
What should organizations do in this situation?
Don’t fear the unknown, but embrace it with caution. Start by baselining current organizational capabilities and expertise. There is a dramatic shortage of qualified practitioners in this field, so whether companies build internal teams or outsource, they must find trusted parties with deep experience helping companies prepare for use of these new technologies and their associated risks.
Of course, it can be difficult to fit security into increasingly tight time and budget requirements for product development. Fortunately, some simple steps can be taken to start increasing the security of connected systems.Initial priorities to address include building a manual override into safety-critical operations, assigning unique passwords per IoT device and testing products or systems for known vulnerabilities.
Next, build a risk management framework for the organization. Companies have built quality and safety frameworks for decades, and now it’s time to adopt this process for security as well. Plan a long-term vision of where the company wants to go, in three or five years for example, and build up a maturity plan to continuously improve.
And finally, engage with trusted, third-party cybersecurity experts that the company has leveraged for safety. Get their advice to help the organization better understand and manage risks, build more secure products and protect brand trust.
While there is no silver bullet for solving IoT cybersecurity challenges, companies must begin to assess and address cybersecurity risks. This enables them to continue innovating in an increasingly complex world of product and system interconnectivity with greater confidence.