Today’s IoTruth: IoT doesn’t create risks for your organization
IoT (Internet of Things) devices are flooding the market, they’re showing up in every single organization and they’re being used to streamline whole new processes, creating new efficiencies. In fact, they’re creating a whole new set of business models that weren’t possible before.
But the reality is these devices are not secure. They’re showing up everywhere in every organization and they’re not being secured from the manufacturers. As a result, they’re creating open windows into your network. You might ask: why would somebody care if my connected fridge is hacked? Well, let’s talk about it.
One of the big problems that IoT brings to the market today is the problem of scale. When you think of each individual item, maybe it creates a little bit of risk. When you bring them in aggregate, the risk is tremendous. Let’s talk about what happened with the botnet that we all heard about just a few months ago. It took advantage of up to 100,000 IoT devices throughout the world. And instead of trying to steal information from the device itself, they used the devices to attack a website. So think of it as 100,000 of these devices constantly, in a matter of minutes, attacking one website and taking it down by pure volume. That’s the problem of scale. To give you a sense, most of the internet on the east coast of the United States was down for a full day by this botnet attack. A lot of companies were very publicly impacted by this.
You might be thinking, “What about me? Did it impact my organization?” Well, I would challenge you to think about this: how many of these IoT devices do you have in your network? The number is likely in the thousands. Imagine if these devices started connecting directly into your SAP system or your point-of-sale system. They could bring them down. And as such, they’re in fact inside of your firewall so you cannot protect against that. That’s the risk that these devices bring into your organization and they bring it in a matter of scale.
What’s the IoTruth? These devices, while very cool, bring a risk to your organization. You need to be able to see and have visibility to what they are doing in your organization. And you need to be able to have access to control them in order to secure them, in order to use them properly.
Look forward to seeing you in the next session.