As internet of things multiplies, so do potential security headaches

New EY report warns that with IoT, 'finding loopholes to enter any network will be easier for any attacker since there will be so many ways to attack.'
Written by Joe McKendrick, Contributing Writer
The Internet of Things (IoT) promises to bring a lot of intelligence to every aspect of business and personal lives. But before diving headfirst into the IoT, organizations need to step back and consider the security implications.
Photo: Joe McKendrick

That's the gist of a new report by EY, which suggests that IoT will have a multiplying effect of today's cybersecurity challenges. Instead of one data center to protect from hackers, there will be multiple systems, and multiple ports of entry. "Finding loopholes to enter any network will be easier for any attacker since there will be so many ways to attack," the report states.

The report's authors outline where the vulnerabilities are:

Mobile devices. This has already been keeping IT leaders awake at night for some time. These are one of the earliest waves of IoT, and they show no signs of abating. "Inevitably, one vulnerable device can lead to other vulnerable devices, and it is almost impossible to patch all the vulnerabilities for all the devices," the report's authors caution. "With even more devices connected, it will be even easier for a cyber criminal to get into your attack vector." In addition, the report states, mobile apps that are brought in as part of BYOD open up new risks. "The increase in the number of apps on the device increases the likelihood that some may contain malicious code or security holes."

Infrastructure. "Traditionally closed operating technology systems have increasingly been given IP addresses that can be accessed externally, so that cyber threats are making their way out of the back office systems and into critical infrastructures, such as power generation and transportation systems and other automation systems," EY warns.

Cloud computing. "The cloud provides a platform for IoT to flourish, however, there are still many challenges which we face today when it comes to cloud security or data security in the cloud," the report states. "Organizations are often discovering too late that their cloud provider's standards of security may not correspond to their own. With big data also coming into picture, there will be an enormous amount of data produced for the service providers as well. With the plethora of data that they will have, the storage servers will have to be updated and secured all the time. There will be an increase in risks for communication links too, since the sensors and devices will be communicating sensitive personal information all the time on the channels."

How to stay ahead of the game as reliance on IoT expands? Be proactive, EY advises -- and basically follow the same common-sense rules that apply to all levels of IT security.

"There is no single object that can be described as the IoT infrastructure -- there are many disparate and uneven networks," the report states. "Because of the increasing stresses on these networks, due to the demands of the data that needs to be supported, many technical areas will need to be redesigned. Additionally, the number of connected devices in circulation being used for the vast amount of interactions has created further challenges in data privacy, data protection, safety, governance and trust."

The report suggest that enterprises respond by defining and encompassing "the organizations extended cybersecurity ecosystem, including partners, suppliers, services and business networks." Get to know your "vital assets and their value," and invest up front in their protection. EY also urges enterprises to ensure "that everyone in the organization understands the need for strong governance, user controls and accountability. Organizations may not be able to control when information security incidents occur, but they can control how they respond to them -- expanding detection capabilities is a good place to start."

(Disclosure: The author has conducted project work within the past year for EY, mentioned in this post.)

Editorial standards