It’s predicted that the internet of things (IoT) market will grow to $1.7 trillion by 2020 and that the global economic impact may reach $6.2 trillion annually by 2025. These products offer new, exciting solutions that increase efficiency, convenience and cost savings for businesses and consumers alike. David Doss, the chief architect for information assurance capabilities for the National Security Agency, recognizes both the promise and problems these technologies offer.
Risks of innovation
“Things like easily-available, high-power microelectronics, data storage and software as a service make the barrier of entry for a small company really low,” Doss highlights. These innovations, however, introduce new risks. The current IoT marketplace is redolent of the early stages of the internet; when developers and manufacturers focused on producing products quickly at the expense of security. “Unfortunately, I think that security is often seen as an afterthought,” Doss continues. “The utility, efficiency and functionality of a new technology tends to outpace security concerns until you start having security problems.”
Experts agree that technological advancement is outpacing security and predict this trend will persist until we change how we approach and implement cybersecurity strategies and practices.
“We have to look at cybersecurity with the same excitement and level of passion as we do innovation, and I don’t think we are there yet,” Doss states.
There isn’t an industry that IoT hasn’t touched. “It’s now so cheap to put things that communicate wirelessly into a product; your microwave and slow cooker are now trying to reach out and find a network,” he jokes. Among the most significant markets within IoT is the automotive industry, where the connected car is already changing the way we live.
“The proliferation of sensors in the automotive industry is amazing,” Doss shares. “Now when I’m driving, if someone stops in front of me and I don’t break in time, my car stops for me — and the ability to sense whether or not action should be taken and then to take actual action without me doing anything is an example of how IoT is transforming the way we live and act every day.”
These seemingly helpful products can become tremendous liabilities in high-security spaces. From medical information to electricity consumption, connected devices collect vast amounts of information, making them irresistible targets for hackers.
“In some cases, we’ve found manufacturers advertise that they have certain IoT or wireless communication devices in their products, but there’s actually additional functionalities that they’re not advertising,” he outlines.
Security and privacy
What can small businesses do to make sure they’re implementing IoT wisely? Doss recommends having clear, open dialogue with potential providers. “The vendor should take some time to understand your mission or business. If they can’t answer security, policy or privacy concerns, then that’s probably an indicator of if you really want to be working with these folks.”
Beyond that, a simple, yet commonly overlooked strategy can go a long way to protect both businesses and consumers. “Don’t set one password for every device,” Doss says. “If you have a million devices with the same password, you’re not hard to hijack.”