According to ISACA’s 2015 IT Risk/Reward Barometer, 73 percent of IT professionals consider it likely that a company will be hacked through a connected device and a similar number (72 percent) don’t believe that manufacturers are implementing sufficient security measures in IoT devices.
With the world being connected through IoT devices, it is possible to hack any information delivered over those connections. Connected devices introduced by employees to company networks pose some of the greatest risks. Because barring IoT outright is not an option, companies will need to roll out tailored best practices and standards.
Related to this risk is that workplaces are becoming more difficult to secure as connected devices like fitness bands and smart watches spread in popularity and ease their way to the office on the wrists and in the pockets of employees. If these seemingly harmless devices connect to your company’s networks or servers and share and store information, they create more entry points where such information can be compromised. Cybercriminals realize this. Many of your employees probably don’t.
The Risk/Reward Barometer also found that the average American is very confident—and perhaps even naïve—when it comes to data security. While 65 percent do have a healthy fear that their IoT device(s) may be hacked, nearly the same number (64 percent) are confident that they can control the security of these devices — a stark contrast to the paltry 20 percent of IT professionals who share their optimism. Despite the slew of very public data breaches over the past few years, your employees still think they have more control than they actually do.
Prohibiting new technology is not the answer. Failing to embrace the Internet of Things, and falling behind competitors as a result, is not an option. In the workplace, IoT devices can be a great boon for businesses, bringing greater accessibility to information, greater efficiency, improved services and increased productivity.
Avoidance isn’t the answer; risk management is. Yet companies and government organizations should not wait for device manufacturers to address vulnerabilities or even make end users fully aware of potential risk. In addition to believing that device manufacturers are failing to implement sufficient security measures, the IT professionals surveyed by ISACA believe these manufacturers are not transparent enough: 84 percent say device manufacturers don’t make users sufficiently aware of the type of information the devices collect.
What organizations can do now is to implement best practices and standards based on their own unique needs. While specific protocols will vary, organizations should consider the following steps:
- Educate and raise awareness among the Board of Directors about game-changing new technologies like the Internet of Things and the role of risk management.
- Ensure all workplace devices owned by the organization are updated regularly with security upgrades.
- Require all employee-owned devices to be wirelessly connected through the workplace guest network rather than the internal network.
- Provide cybersecurity training for all employees to make them aware of best practices and the different types of cyberattacks.
- Ensure that your organization’s IT and security professionals are CSX-certified.
The Internet of Things is here to stay, and it holds tremendous potential for delivering better business performance and an improved quality of life for the average consumer. In the race between capitalizing on its rewards and setting up the proper processes to manage risk, the winner will be the organization that manages to juggle both.