by Marco Antonio Cavallo

Understanding the benefits and threats when building an IoT strategy

May 22, 2017
Internet of ThingsIT Strategy

The Internet of Things (IoT) market continues to gain momentum, both growing in total connections and into new business and consumer application segments, but still CIOs and other IT leaders diverge on what are the real benefits of this technologies for the business and, mainly, what are the potential risks.

head scratcher strategy thinking
Credit: Thinkstock

The Internet of Things, or simply IoT as commonly known, has introduces to the market a large range of benefits to consumers, and industries besides the potential to completely change the ways that consumers and technology interact in every fundamental way. In a close future, IoT is very likely to converge both virtual and physical worlds in many different ways that are currently hard to understand. The year of 2017 will mark a great inflection point for the development and adoption of IoT Technology, once it has presented a significant move over the past 12 months. On August 2015, there was too much hype surrounding the technology, even though many speculated that the public adoption of IoT devices would still take years to happen. On the 2015 Gartner Hype Cycle for Emerging Technologies, IoT appeared on the top peak of inflated expectations, but That same situation didn’t happen in the 2016 Gartner Hype Cycle for Emerging Technologies, in which IoT didn’t even appeared, which made many CIOs and IT leaders to question if this isn’t just another over-hyped technology that will never go mainstream. 

That same situation didn’t happen in the 2016 Gartner Hype Cycle for Emerging Technologies, in which IoT didn’t even appeared. However, according to a recent research conducted by Morgan Stanley Research, around 95 percent of the industry is already preparing for a wide manufacture and introduction of IoT devices and related hardware to the market in 2017. Moreover, this same research has surveyed 117 key executive designers responsible for the engines of IoT growth in 2016 and has found that 90 percent of them are incorporating connectivity features in their new product designs. The average lead time for a new product to be released is from 12 to 18 months so, based on this data, the inflection point for IoT devices can be forecast to be on the second semester of 2017, experiencing a significant growth acceleration in early 2018, and that is not surprising given the benefits that IoT can offer to companies. According to a study conducted by Cisco in 2016, the business benefits global executives believe IoT will positively impact within their companies include many different topics, such as operations efficiency, customer service improvement, enhance collaboration among others as shown on the list below with the main benefits of IoT:

Operational efficiency: 46%

Customer service: 34%

Intra-organizational collaboration: 31%

Strategic decision making: 29%

Proftability: 25%

Revenue growth: 24%

Innovation: 23%

Employee satisfaction: 22%

The imminent introduction of devices and sensors that capture data in what were once intimate places, such as cars, schools, homes, and now with wearable and ingestible technology, even the body, creates specific challenges and issues from a security and privacy perspective. It’s a certainty that consumer will most likely keep their privacy as physical devices and other objects in our daily routine increasingly collect and share information about them. Further to that, companies don’t want to have their most valuable asset – information – exposed to hacker attacks to the cloud. The Morgan Stanley research shows that Cybersecurity is the number one concern when adopting IoT. The main concern topics found on this research are listed below:

Cybersecurity: 46%

Lack of standartization: 35%

Legacy installed base: 34%

Upfront investments: 30%

Lack of skilled staff: 24%

Data integrity: 23%

Internal systems issues: 18%

Liability of current technologies: 15%

The security of data is a growing concern for every business segment and for every company within the market, but even more so for consumers who are willing to rely on universal connectivity. Manufacturers are also concerned about the IoT’s potential vulnerabilities, but the question that remains is: what kind of threats is IoT about to face? It’s possible enlist IoT threats under three different categories:

  • Privacy
  • Security
  • Safety

According to many industry experts, the security threats of the Internet of Things are broad and potentially even crippling to systems. By having critical infrastructure components, IoT is a potential target for national and industrial espionage, as well as denial of service and other types of attacks. Another major area of concern is privacy with the personal information that will potentially reside within networks, Big Data and the cloud is also a potential target for cyber attacks. IoT is still a technology in development, and that must me taken in consideration when evaluating its security needs and requirement. Many devices are connected to the Internet and sending data and information to the Cloud, and that will definitely increase. With the advent of contextual data sharing and autonomous machine actions, IoT will become the allocation of a virtual presence to a physical object, and these virtual presences will begin to interact and exchange contextual information. Connected devices will start making contextual-based decisions based on through this device, and so, it will lead to very physical threats, around domestic infrastructure, possessions, such as homes and vehicles, water supply, electrical power amongst others. It’s important to comprehend that this imminent rise of an interconnected environment will cause the lost of physical security of the connected devices, once such devices will be placed in inhospitable environments which are likely for attackers to potentially intercept, read or change and steal data by tampering with control systems and change functionalities.

These threats are very real and imminent and it’s possible to mention some quite recent examples, such as one in which researchers have hacked into two cars and wirelessly disabled the brakes, turned the lights off and switched the brakes full on, all done beyond the driver’s control and will, or, in another situation, a luxury yacht was pulled off its original course by researchers hacking the GPS signal that it was being used for navigation. Even home control hubs have been found to be vulnerable, in which hackers managed to alter heating, lighting and power systems, as well as door locks, and other situations involving industrial control systems being hacked through their wireless network and sensors. What can be done to prevent such threats? Unfortunately, IoT threats will always exist as they exist within other technology innovations. The first step is by using security tools such as data encryption, strong user authentication, resilient coding and standardized and tested APIs that react in a predictable manner is a way to enhance IoT environment’s security against cyber attacks or data leakage. The next step is applying security tools to he connected devices. In a better perspective, the IoT is quite similar to BYOD, and so it is passive to suffer the same security issues as traditional computers, but IoT devices usually don’t have the capability to defend themselves and might have to rely on separate devices such as firewalls and intrusion detection/prevention systems. Creating a separate network segment is one option.” This lack of security tools on the devices themselves is precisely the reason why what securing the IoT can be more challenging than other types of security initiatives, due to the fact that if a hacker gets the physical access to the device, the security concerns rise significantly. Another issue is the fact that most IoT technologies providers have not designed security into their devices, making them vulnerable even to the most common top 10 web vulnerabilities listed in the OWASP (Open Web Application Security Project). The security of IoT systems must be considered a foundational topic while planning to implement it, containing rigorous validity checks, data encryption and verification and different levels of authentication. Creating stable, reliable and resilient codes is also a very important feature at the application level, including all the compliance standards and testing phases.

The Internet of Things opens a wide range of opportunities and new markets to be explored, new forms of interaction among different systems and a significant improvement to UX in the cloud generation, not to mention the data that companies can acquire through it, but having a solid and safe structure that is built from the bottom to the top is a necessity to ensure a secure and safe IoT with customer privacy protected, or more threats will be created with every device added to the IoT system.