The Internet of Things (IoT) continues to expand: By the end of 2019, more than 14 billion connected devices will be in use, with that number reaching 25 billion by 2021, according to Gartner. While connected devices have the potential to help enterprises unlock great insights and value from the troves of data they collect, they also massively expand the cybersecurity attack landscape, according to the Indiana IoT Lab’s State of IoT report, released Wednesday.

Research shows the vast majority of commonly used IoT devices contain vulnerabilities, including password security, encryption, and authentication issues, John Roach, director of the data analytics practice at KSM Consulting, wrote in the report.

SEE: The Power of IoT and Big Data (Tech Pro Research)

“The key to making IoT a success is balancing innovation with security,” Roach wrote. “All technology involves the acceptance of rational risk, and IoT is no different. The value of IoT, which is increasing and strategic, must be balanced against its risk. An overemphasis on security can limit the potential of IoT and insight that can be derived. A careless or rushed implementation can put organizations and individuals at risk.”

Developing an IoT-ready cybersecurity system involves considering the organization’s broader network, including clients, customers, suppliers, vendors, collaborators, business partners, and former employees, Roach wrote, as failing to protect every part of the business ecosystem can put everyone at risk.

Employees responsible for IoT cybersecurity should consider the following factors, according to Roach:

  1. Designing and implementing a threat intelligence strategy to support business decisions
  2. Fully understanding vital assets and the value of their protection
  3. Using data analytics to anticipate where and when threats are most likely to occur
  4. Implementing system architecture approaches that prevent unauthorized access in one area of the technology from proliferating through the entire system
  5. Ensuring all those within the organization understand the need for strong governance, user controls, and personal accountability
  6. Developing a well-functioning Security Operations Center to help detect threats, produce relevant reporting, and enable better decision-making, risk management, and business continuity

“The most important premise to remember is this: When everything is connected, everything is at risk,” Roach wrote. “Those who successfully innovate with IoT will take all necessary precautions to ensure security and privacy implications are addressed and safeguarded–for their benefit and for the common good.”