Before the end of the year, there will be 8.4 billion connected objects in the world. Experts believe this number will rise to 46 billion by 2021. With this explosion in sight, we’re once again faced with the question: How vulnerable is the internet of things (IoT)?
IoT is the term used to describe devices—like road markers, refrigerators, locks, printers, toys, cameras, thermostats, etc.—that are connected to a network or the internet, and that can communicate with users or each other, with or without human intervention. There’s a lot of excitement surrounding their revolutionary use, but there’s also growing (and legitimate) concern about the risks and vulnerabilities of these devices.
Connected objects are equipped with integrated sensors and can record, generate and send information in real time about their environment and any changes to its status. Companies can leverage this data to make predictions, adjust their service offer in real time, anticipate maintenance and procurement needs, etc.
Worrisome vulnerability
According to Roger Ouellet, who designs solutions and oversees the security practice at NOVIPRO, businesses don’t pay enough attention to security issues. “Why would my business be attacked? Why should we invest in a more sophisticated backup system? These are the things we hear from executives who naively underestimate the risks that their companies are exposed to.”
The vulnerability of your IT infrastructure is necessarily linked to IoT. Most devices with physical connections (routers, surveillance cameras, printers, etc.) are not properly secured. They often come with a default password that can’t be changed, an unencrypted connection or internal software that can’t be updated.
Roger Ouellet finds this situation particularly regrettable. “The small businesses that develop these devices generally don’t have the skills for stable and safe coding. Security is not their mission. They have neither the time nor the ability to track, verify and anticipate security breaches. That means you have to oversee the protection yourself, since the devices can’t.”
Short on security
As it stands, the number of companies that implement appropriate security measures is smaller than you’d think. “When it comes to investing in security, most businesses do too little too late. They often take action only after disaster strikes,” explains NOVIPRO’s solutions designer. “Managers are increasingly aware of network security issues, but few are ready to move forward with good protection measures.”
What’s at stake? The privacy of data about the company, its employees and its clients. And that’s not all. In addition to stolen information, there’s also e-vandalism. “If a server goes down after a malware intrusion, you could lose a week’s worth of key data or even experience a service outage,” says Ouellet. “This can be extremely detrimental to a business.”
Transforming practices and mentalities
According to Ouellet, today’s business security standards are too low and a radical change in practices is needed. We should remember that there are millions of smart but vulnerable devices on the market, and they’re often at the heart of businesses and industries.
Ouellet doesn’t mince his words when he says that the weakest link in a company’s IT security is the human factor. “In 95% of cases, problems are caused by employees who open spam or infected files. Standard antiviruses don’t do much anymore. Managers and employees need to be aware of the risks so that they can avoid them,” he says, adding that NOVIPRO is currently working on practical courses on this topic.
Concrete solutions
Informing staff about the key principles of information security is still essential, since implementing basic best practices can help you keep risks to a minimum. So, how do you do it? “First you should carry out an audit, then develop a security plan,” explains Ouellet. “Securing your IT equipment internally can prevent an employee from accidentally opening a breach.”
Keeping businesses safe goes beyond securing individual workstations. A holistic approach is required and business continuity should be a top priority.