[SOUND] There is no question that the rapid rise of IoT is more then just a digital disruption that impacts businesses of all sizes. In fact, IoT presents numerous opportunities for organizations to improve in total efficiencies, serve customers better, enter new markets, and even build new business models. David Rowan, in his interview, stated how if something involves processing and transmission, then it is something his company is concerned about. In some ways, that shows that most organizations are in the early stages of adapting their offerings to the new IoT world. However, over time, the IoT ecosystem will become very complex as more and more IoT devices will come online. We are already seeing this in the healthcare sector, where a patient's blood pressure can be monitored through sensors and sent to remote servers. As IoT devices become crucial for keeping up with fast evolving markets, business and technology leaders must be mindful of the security implications of this new technology. The scale of connected devices greatly increases the volume of data and the complexity of cybersecurity. The challenge grows further as IoT devices are deployed to control infrastructure such as factory operations and supply chains. You will learn more about these issues over the next few weeks.
Cybersecurity is already a major concern for companies. But IoT deployments make it much tougher for executives to answer the question that corporate boards are asking with growing frequency. That is, has IoT increased their exposure to cyberthreats? A major reason as to why this is such a difficult question to answer Is that most executives are not overly familiar with the challenges IoT presents. There are a couple of reasons for this. In many ways, as you have seen through your readings and lectures already, parts of IoT have not been well defined. There is also an absence of frameworks that would help an organization to identify IoT related risks and put the proper controls in place. However, that is changing. AT&T has a four part framework that is able to gauge IoT related risks. Other companies are coming up with something very similar. The steps are assess your risk.
In this step, an organization conducts a comprehensive risk assessment, that incorporates IoT into an overall risk profile. Secure both information and connected devices. In this step, companies need to realize that they need to move beyond regular data protection.
IoT introduces the need to consider device related risk and security. This is because IoT devices do not just generate data, but also interact in new ways with the physical world such as controlling the flow of water or electricity. As a result, an organization needs to consider operational security threats, as well as information security concerns. Align IoT strategy and security.
This step highlights the notion that IT and business strategies must be tightly integrated and complementary. IoT effectiveness can be undermined if an organization is not fully engaged in the effort from the top down.
This means that multiple stakeholders in an organization need to be represented. They include, the IT security team and business units, along with the executive officers and board of directors. Identify legal and regulatory issues. As companies explore the risk and security demands associated with IoT, they also need to consider the legal and regulatory requirements and exposures.
Most companies already understand the liabilities they face if, for example, they allowed the theft of social security numbers or medical files.
In many ways, the brave new world of IoT is in its infancy, from the point of view of policies and procedures, all aspects of our lives will be impacted by it. Which means organizations will need time to come up with IoT deployments that are effective as well as secure. [SOUND]
0 Comments