How can we respond?
Given this level of risk, security must be the bedrock of every IoT development and deployment, not an afterthought.
First, it is imperative that the CEO sees to it that security expertise is infused into the IoT development process from the earliest stage. Building security into IoT devices and their connecting networks from the start is key to helping to protect a growing IoT infrastructure. This means multiple layers of security controls, including encryption, to help protect mission-critical functions. It also means architecture that is designed to restrict the interdependence of connected systems.
In the connected car example, critical safety systems and engine control units can be isolated so they cannot be accessed through infotainment and communication systems.
Second, it may be that corporate boards and C-suite executives will need to modify their existing cybersecurity policies and systems to accommodate IoT strategies. In any case, IoT strategies must be tightly integrated with wider corporate IT and business strategies. You will need to take steps to timely patch and update software and firmware, and implement controls to identify and contain security breaches as they occur.
To be effective, this integrated security strategy will need to encompass the entire IoT ecosystem, covering not just your own devices, data and applications, but those of your partners and customers as well. In an industrial setting, where IoT sensors, actuators and other devices monitor and control machinery to improve efficiency, this will mean establishing authentication and authorization controls throughout the ecosystem.
Prepared for success
The magnitude of the IoT, and the consequences of a breach, are now so significant that it is vital that businesses anticipate security needs before new devices are deployed. Clear lines of responsibility, consistent security procedures and top-down engagement in IoT security are necessary to avoid problems and deal with inevitable attacks. The attention and involvement of the executive team and board members is a strong indicator of IoT success.