Earlier this year, hackers cracked the IT network of a Las Vegas casino and compromised its database of high-roller players. The extent of the damage is unknown, but what is known is the cybercriminal’s method of attack: A single internet-of-things (IoT) enabled thermometer used to monitor the water temperature of the casino’s aquarium.
This is just one example of how IoT is revolutionizing the business landscape. With a global market predicted to hit $457 billion across 20.4 billion devices by 2020, it’s clear that the IoT is catching on. But despite the advantages these new devices present, they’re creating as-of-yet unknown challenges to data security—and making businesses more vulnerable than ever before.
Security Risks of IoT
Every internet-enabled device that collects, sends, or receives business data needs the same level of protection as your established business devices, as the risks of data loss or exposure increase exponentially with each device in use:
- Each IoT device presents a new access point into your company’s network;
- Data transmitted through IoT devices must be sent through secure channels to prevent eavesdropping or snooping; and
- The wealth of new information created through IoT networks means that companies have bigger stores of data that need to be housed securely.
And as our Las Vegas casino found out, even a single compromised device can expose your entire system to risk.
The IoT Lacks Accountability
Perhaps worst of all, the IoT ecosystem is new enough that industry-wide protocols for data security haven’t been implemented. The dangers posed by this situation were stated in a letter from U.S. Senator Mark Warren to FCC Chairman Tom Wheeler back in 2016:
“Because the producers of these insecure IoT devices currently are insulated from any standards requirements, market feedback or liability concerns, I am deeply concerned that we are witnessing a ‘tragedy of the commons’ threat to the continued functioning of the internet, as the security so vital to all internet users remains the responsibility of none.”
But when it comes to business-facing applications of IoT, it’s clear that the responsibility of IoT security falls squarely on the businesses themselves. No organization should consider using IoT devices without an established security strategy to insulate themselves from attack.
In short, the market is growing exponentially and driving serious value for companies—but without a structured system for protecting their data, businesses leveraging the IoT may be doing themselves more harm than good.