What CIOs Need to Know About IoT and Security Risks

Second of a two-part series

The Internet of Things will open up an amazing world. We’ll see industries of every kind adopt the technology and realize impressive results. Here are just a few examples:

  • In healthcare, sensors on medical devices will track the temperatures of medications in hospitals’ refrigeration units to avoid breaks in the cold chain that can render drugs ineffective.
  • Fuel-delivery businesses can monitor the contents of industrial liquid tanks to better plan supply fulfillment dates and optimize customer deliveries.
  • Farmers will be able to deploy sensors in the ground to more efficiently irrigate crops with watering plans tailored to different soil zones.

Businesses that already have IoT initiatives saw revenue increase by around 16% last year in the areas of business affected by the effort, according to Tata Consultancy’s recent report, “Internet of Things: The Complete Reimaginative Force.”

Securing IoT Devices and Networks

Still, as enticing as these prospects are, the questions that CIOs must ask are: How secure are IoT sensors and networks? How will IoT sensor data impact corporate networks? It’s a legitimate concern.

Attackers could potentially target IoT devices such as:
  • Smart meters
  • Medical products
  • Traffic flow sensors
  • Industrial control systems
  • Connected vehicle systems

A recent report entitled “Security for the Internet of Things: A Call to Action,” by consultancy Accenture depicts disturbing scenarios, such as attackers introducing malicious software or settings to a vehicle’s computing systems that could impact passenger safety. Hackers could also potentially shut down cities by infiltrating supervisory control and data acquisition (SCADA) systems.

Tackling IoT Security Risks

With Accenture reporting that domain attacks might focus on the core network infrastructure and the access network, or exploit vulnerabilities in communication protocols, networks have to be ready for the next step up in security risks that will come along with the introduction of networked IoT devices.

Companies need to move beyond traditional security approaches like perimeter-focused strategies, which can’t stand on their own when there’s no longer a set network with clearly defined edges. It means moving to technologies such as software-defined networking (SDN), which brings to IoT networks not only the performance and efficiency advantages we’ve discussed in this blog, but also security improvements.

How? SDN can be used to virtualize, package and target each IoT device with its own security profile and end-to-end service management processes that can enhance overall network security. The network links between the SDN controller and IoT devices can be secured through SDN’s centralized, programmable control capabilities, which smooth the path to access control and authentication and make it easier to quickly identify network paths where a breach is detected.

Enterprise leaders also should look to how they might use machine learning and big data analytics as part of their plan to more quickly gain insight into potential threats in IoT environments, where networks and network-connected devices will grow at staggering rates. Intrusions can be pre-empted when components of these technologies are put to work to learn normal behavior, so that abnormal behavior is quickly targeted and correlated with all threat information enterprise-wide in order to take the right defensive measures. 

The bottom line is that security concerns shouldn’t scare your enterprise away from pursuing IoT endeavors. There’s simply too much value to be gained. Any concerns you have should serve only to make you more vigilant in determining that they will be addressed from the start of your IoT initiative.

About Craig D' Abreo

VP, Security Operations, Masergy
Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Systems Security Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.