If connected devices are going to surpass 26 billion in 2019, many IoT (Internet of Things) thought leaders are questioning whether various bodies can come together to ensure the right cybersecurity systems are in place to achieve the necessary levels of security and privacy. Actually, when you think about all the “things” we are connecting to the internet today it’s a really great question. Perhaps even a better question is whether that number is going to explode even more looking farther out.
There is a good reason for a lot of people in the industry to be suddenly very interested in how various industry players—including governments and regulatory bodies, as well as consumers—can work together to achieve necessary levels of security and privacy.
In light of the IoT’s unprecedented growth, security and privacy are important talking points right now, and there has been a lot of movement in the legislative arena regarding security and the IoT as a result. Also, couple that with the fact that making a little more noise will force consumers to pay greater attention to what is happening.
For those who need a refresher course on the different laws being considered right now in the U.S., be sure to read our article on the home page of connectedworld.com. For this column we take a closer look at research about IoT security awareness and review some security-related predictions for the space that can help us all be a little bit more prepared.
The law is going to play an important role in shaping the cybersecurity landscape going forward, but legislation usually isn’t the quickest way to achieving an end. Change can start on an individual company level with awareness, a commitment to following industry best practices in the realm of cybersecurity, and practicing good cybersecurity hygiene.
The simple lack of awareness about cybersecurity is a real problem in our industry.
Some recent research by Trend Micro backs this up. For instance, 86% of IT and security decisionmakers say their organizations need to improve their awareness of IoT threats. What’s more, 14% of Trend Micro’s respondents say they have complete organizational awareness of IoT threats.
Why is this a problem?
It’s just putting a little bit too much in the hands of fate. If you’re not aware of the threats, you’re most certainly not prepared to avoid them.
Cyberattacks frequently take advantage of organizations’ lack of IoT security awareness. This research suggests cyberattacks target office devices the most, followed by manufacturing and supply-chain devices and operations. Vendors need to be aware that this is a problem too.
Interestingly, 37% of respondents say they’re not always able to define their security needs before implementing IoT solutions, and we’d all like to see a lower percentage here. If companies can’t define their security needs, they’re kind of going blindly into an IoT implementation. It’s just not good practice.
If each player in the IoT value chain follows industry best practices for security, we’ll all be a lot better off. The first point is: be prepared.
Let’s look at some 2019 security predictions that could help us all be a little bit more prepared.
Splunk is a company that offers machine-learning solutions to achieve business outcomes from its data, and it recently released some predictions for 2019 that were worth sharing.
One of the predictions is that “interconnection will bring disconnection and risk.” In other words, more connectivity equals more vulnerability.
Perhaps this one is a little bit of a given. But after taking a look at Trend Micro’s research that suggests a lot of companies don’t actually know about the risks this is a fair point for Splunk to make.
On another note, perhaps not it’s valid to point out that as connections increase exponentially, so will the attack surface. Even companies that think they have security figured out are at risk of becoming complacent.
The changing threat landscape requires us to stay nimble. You don’t want to fall into the trap of complacency.
Splunk has a few more security-related predictions for 2019, including the rise of the “virtual analyst,” which could go a long way in assisting security teams that are often stretched thin.
About 70% of cybersecurity professionals say the so-called cybersecurity skills shortage has had some impact on their organizations, and this is according to ESG (Enterprise Strategy Group)’s market research. And 63% say the skills shortage has increased the workload on existing staff, which can lead to high burnout rates and staff attrition.
While many companies are recognizing a skills shortage might not be knew, how they respond and manage the ongoing pressure and workload will make all the difference as cybersecurity threats become incrementally more challenging each year.
Want to tweet about this article? Use hashtags #M2M #IoT #AI #artificialintelligence #machinelearning #bigdata #digitaltransformation #cybersecurity #blockchain #healthcare #enterprise #robots #manufacturing #IIoT