How to secure IoT devices: 6 factors to consider

While Internet of Things devices can unlock great insights and value from the data collected, cybersecurity must be built in from the start, according to a report from the Indiana IoT Lab.

Why cybersecurity must be built into IoT initiatives from the start IoT increases the risk of cyber attacks. Here's what companies need to do to stay safe, according to John Wechsler, founder of the Indiana IoT Lab.

The Internet of Things (IoT) continues to expand: By the end of 2019, more than 14 billion connected devices will be in use, with that number reaching 25 billion by 2021, according to Gartner. While connected devices have the potential to help enterprises unlock great insights and value from the troves of data they collect, they also massively expand the cybersecurity attack landscape, according to the Indiana IoT Lab's State of IoT report, released Wednesday.

Research shows the vast majority of commonly used IoT devices contain vulnerabilities, including password security, encryption, and authentication issues, John Roach, director of the data analytics practice at KSM Consulting, wrote in the report.

SEE: The Power of IoT and Big Data (Tech Pro Research)

"The key to making IoT a success is balancing innovation with security," Roach wrote. "All technology involves the acceptance of rational risk, and IoT is no different. The value of IoT, which is increasing and strategic, must be balanced against its risk. An overemphasis on security can limit the potential of IoT and insight that can be derived. A careless or rushed implementation can put organizations and individuals at risk."

Developing an IoT-ready cybersecurity system involves considering the organization's broader network, including clients, customers, suppliers, vendors, collaborators, business partners, and former employees, Roach wrote, as failing to protect every part of the business ecosystem can put everyone at risk.

Employees responsible for IoT cybersecurity should consider the following factors, according to Roach:

  1. Designing and implementing a threat intelligence strategy to support business decisions
  2. Fully understanding vital assets and the value of their protection
  3. Using data analytics to anticipate where and when threats are most likely to occur
  4. Implementing system architecture approaches that prevent unauthorized access in one area of the technology from proliferating through the entire system
  5. Ensuring all those within the organization understand the need for strong governance, user controls, and personal accountability
  6. Developing a well-functioning Security Operations Center to help detect threats, produce relevant reporting, and enable better decision-making, risk management, and business continuity

"The most important premise to remember is this: When everything is connected, everything is at risk," Roach wrote. "Those who successfully innovate with IoT will take all necessary precautions to ensure security and privacy implications are addressed and safeguarded—for their benefit and for the common good."

Also see

istock-958122884-1.jpg
Image: iStockphoto/NicoElNino

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.