The Internet of Things goes by a deceptively simple title but includes a vast – and mushrooming – network of physical objects or “things” that connect to the Internet through embedded sensors, electronics and software, allowing them to exchange data with the operator of the object, its manufacturer or other connected devices.
Some are calling it the next stage in the information revolution, a way to make everything in our lives “smart,” from cars, roads and traffic control systems to household appliances and medical equipment.
WIRED® magazine cites the fatal collapse of the I-35W bridge in Minneapolis in 2007, and how the Internet of Things might have warned of the calamity. Steel plates were inadequate to handle the bridge’s load, plunging dozens of cars, trucks and road workers into the Mississippi River, killing 13 people and injuring another 145.
Today, bridge technology can use “smart cement” with sensors to monitor stresses and cracks, alerting engineers to fix problems before they cause a catastrophe.
“If there’s ice on the bridge, the same sensors in the concrete will detect it and communicate the information via the wireless Internet to your car,” says Daniel Burrus, considered one of the world’s leading technology forecasters and innovation experts, and the founder and CEO of Burrus Research.
“Once your car knows there’s a hazard ahead, it will instruct the driver to slow down, and if the driver doesn’t, then the car will slow down for him. This is just one of the ways that sensor-to-machine and machine-to-machine communication can take place.”
Even more cutting edge is not that machines are talking to each other, or to their human operators, but that people are ever more frequently talking to other people “through” machines. This intensifies the security risk of identity theft, impersonation, hacking and other cyber crimes.
So along with its almost limitless possibility, the Internet of Things also poses major security threats.
Part of that is due to the sheer mind-bending volume of embedded devices, a network so far-flung that almost by definition it has places porous to cyber attack. Research firm Gartner Inc. estimates there will be nearly 26 billion devices on the IoT, as it is called, by 2020. Ernst & Young, in its report “Cybersecurity and the Internet of Things,” estimates there will be double that by 2020, more than 50 billion worldwide.
The IoT’s biggest potential Achilles heel is not even its scope, though. Rather, it’s that increasingly data is stored, managed and processed through cloud computing, entrusted to information systems that are managed by external parties on remote servers “in the cloud.”
While cloud computing provides a platform for IoT to flourish, it also sharply heightens privacy and confidentiality risks. The service provider has access to your data, and could accidentally or deliberately disclose it or use it for unauthorized purposes, Mark Ryan reports in the Communications of ACM (Association for Computing Machinery).
A Hewlett Packard study in July 2014 estimated that 70 percent of the most commonly used IoT devices contain vulnerabilities, including password security and encryption flaws.
Takeaway: Hacking used to be the domain of college-aged geeks, but those days are past. Cyber criminals across the globe are concocting new ways to penetrate the security of organizations, to wreak havoc on data and steal everything from intellectual property to customer information. There’s no one-size-fits-all checklist for how to protect your company. But key strategies for handling sensitive data suggest that organizations should:
- Become current on the landscape of cyber crime and be nimble in responding to an ever-changing array of threats.
- Study data, including forensics, and refresh their strategy regularly.
- Rehearse responses to potential attacks by enacting scenarios that test cyber crime firewalls.
- Make defending against cyber crime a priority at the highest levels, with board members and executives focused on providing adequate support to manage the risks.