Six Ways IT leaders Promote Cyber Security in the IoT Age

IoT delivers better products and services and improves the internal efficiency of the enterprise. But such gains come at the cost of increased security risks. 

Three out of four corporate managers understand the importance of IoT security. But only one in six regards their company as prepared to face IoT security challenges.

The spread-out nature of IoT opens up several loose ends for cyber attackers. A hacker tampering with a connected customer product may compromise the entire connected network. When critical equipment such as pacemakers is part of the IoT networks, cyber-security becomes a matter of life and death! 

Here are the top ways IT leaders can promote cybersecurity in such a bleak state of affairs.

1. Seek Adequate Budget and Resources

Securing the IoT ecosystem is costly. Often, it requires an overhaul of the existing security approach and infrastructure. 

The onus is on IT leaders to:

  • Make securing the network an integral part of IoT deployment itself, rather than an add-on. 
  • Ensure security considerations dominate IoT buying decisions. The basics can make-or-break IoT security. The ability to change default passwords, apply patches and disable unneeded services on IoT devices improve security in a big way. Never underestimate the importance of physical locks either.
  • Set up network monitoring capabilities to track data flows. Isolate IoT devices into separate logical segments of the network. Watch for unexpected or anomalous traffic patterns. 
  • Convince decision-makers about the implications of weak IoT security. seek adequate funding for the above endeavours.  

2. Fix Responsibility

Effective security requires a holistic approach for the entire IoT stack. Creating it requires initiative from IT leaders. 

Effective IT leaders:

  • Assign specific responsibilities for each team member. 
  • Set up a single, visible point of contact for IoT security-related notifications. 
  • Assign a single point of contact and publicise it. Security researchers often discover network vulnerabilities. But when they warn affected companies, very few take it seriously or follow-up.

3. Collaborate

IoT brings connectivity to almost all physical assets of the enterprise. Corporate IT can no longer secure all network nodes by itself. Most endpoints in an IoT ecosystem are under the control of product teams or the industrial control systems. 

Robust IoT security requires strong collaboration among IT, operations, productions, and other teams. Each stakeholder has a responsibility to make their IoT endpoints secure. 

IT leaders have the responsibility to:

  • Engage in strategic dialogue with supply chain partners, suppliers, customers, and others. Convince partners on the risks and make them realize the implications of a breach. Assign specific to-do lists to improve the security of their endpoints. 
  •  Identify and secure weak links by themselves. Cyber-attackers target the weakest link to harm the entire chain. 
  • Collaborate with legal teams to include IoT-specific language in data privacy agreements

4. Take Lead in Industry and Macro Level Co-Operation

A secure enterprise IoT depends on a secure environment, which is outside the control of enterprise IT. Competitors, governments and regulators all become stakeholders of IoT security. 

Responsible IT leaders:

  • Talk to regulators and prod them to update cybersecurity standards. Existing cyber-security standards neglect most layers of the IoT stack. 
  • Collaborate with competitors and significant others, to pool resources for mutual benefits. 

Several US banks have joined hands to set-up FS-ISAC, an information community. Competing banks share information on security weaknesses, attacks, and successful countermeasures. 

Another banking company brought together several competitors and set up “shared assessments.” The assessments evaluated security technology vendors and delivered efficiency gains for everyone. 

5. Enhance Skill-Sets of Stakeholders 

IoT security is a different ball game compared to securing conventional networks. Lack of established IoT security standards makes benchmarking a non-starter. 

Competence in IoT security requires a mix of operational technology and IT security knowledge. 

Successful IT leaders

  • Help IT team members get the required competence in operational matters. 
  • Train operational experts in IT security. 
  • Work with external players such as universities, to enable employees to develop crossover skills.
  • Set minimum standards for security-specific knowledge and entry-level qualifications for employees.
  • Orchestrate basic awareness campaign for all stakeholders in the IoT ecosystem. A good campaign co-opts infographics, training programs, competitions, and other mediums. 

6. Prepare Contingency Plans

One in three companies lacks a cyber-security strategy that covers IoT. Even those who have such a strategy often struggle to implement it. Three in four companies admit having no capability to prevent, detect, or react to IoT related threats. 

Successful IT leaders are ready with response plans for different attack scenarios. Often, the fallout from an unprofessional response to an incident does more damage than the actual incident. 

Today’s IoT attackers have the capability to strike at the heart of operations. IT leaders have a critical role to play in business continuity management and disaster recovery planning. Their inputs on network security preempt disasters and enable speedy recovery if the worst-case scenarios come to pass. 

In an ideal world, security considerations become part of the product life cycle. Such a mindset requires a change in approach. Driving such change is beyond the powers of any enterprise IT team. But IT leaders have to take the initiative to herald such a culture.

Tags:
Email
Twitter
LinkedIn
Skype
XING
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.
Ask Chloe

Submit your request here, my team and I will be in touch with you shortly.

Share contact info for us to reach you.