Approaching IoT Security Risks

In case you haven’t heard, Internet of Things (IoT) adoption is soaring. This mobilization has cybersecurity and third party risk management implications that are often overlooked.

By 2030, McKinsey research projects that IoT applications “could enable $5.5 trillion to $12.6 trillion in value globally, including the value captured by consumers and customers of IoT products and services.” But there’s more than meets the eye when assessing IoT’s costs and benefits, according to McKinsey’s consultants and to Shared Assessments Senior Advisor Charlie Miller.

What to know about cybersecurity blind spots

The McKinsey figure appears in a 90-page survey report on IoT opportunities. The study is a follow-up to the firm’s noteworthy (and similarly hefty) 2015 report on the topic.

The new report emphasizes that the COVID-19 pandemic “serves as a market shaping force” that accelerated IoT adoption. That assessment jibes with Miller, who recently shared his insights on IoT-related risks with a Threatpost reporter researching an article on “data protection blind spots” that vex small to mid-sized companies.

“The adoption rate of IoT devices, sensors and applications across all industry sectors — including consumer products, manufacturing, transportation, healthcare, medical devices and more — was staggering prior to COVID-19,” Miller says. “It’s soared even more since early 2020, thanks in part to the work-from-anywhere model so many organizations adopted in response to the pandemic.” That working model transformation and the increased capacity provided by 5G networks help explain why the projected number of global IoT devices is expected to exceed 30 billion by the end of this year, Miller adds. “This doesn’t mean that individuals and risk managers should shy away from this growing security risk.”

Security issues, along with data-privacy concerns (which include GDPR and CCPA compliance obstacles), feature prominently on the short list of IoT-adoption obstacles identified in McKinsey’s newest IoT report. “Consumers, enterprise customers, and governments are increasingly concerned with IoT cybersecurity, as the rising number of connected end points offer vulnerable points for hackers to exploit,” the report indicates. “Addressing this challenge requires security to be built in from the ground up, through every layer of the stack.”

What Risk Management should consider when approaching IoT security risks

Miller emphasizes that it is imperative to maintain a holistic and balanced risk management approach involving IoT assets, especially given “that the threat landscape is changing every hour.” He encourages risk professionals and their operational colleagues to get a clearer view of their IoT risk management activities by taking the following actions:

  • Know the security features of the IoT device before you connect it;
  • Know all devices that are connected to the network;
  • Isolate devices with little or no security to a separate network;
  • Ensure you change the device default and/or network router passwords;
  • Update and maintain software with the latest available versions; and
  • Ensure you can disable the device if necessary.

Miller also suggests that risk professionals monitor NIST’s ongoing IoT security efforts (especially the NIST Cybersecurity and IoT Program) and keep A New Roadmap for Third Party IoT Risk Management, a “leading practices” report collaboratively produced by Shared Assessments and The Ponemon Institute, close at hand.