The expected big boom of the Internet of Things (IoT) brings a lot of security concerns for companies. Researchers say there are other things to do first.
Andrzej Kawalec, head of security research and chief technology officer at HPE Security Services, said in an interview with ComputerWeekly that most companies should first bolster their IT infrastructure, cloud back-ends and mobile apps. “Although there may be an immediate threat to business due to some consumer IoT device that’s been adopted, most businesses will only face this in around five years’ time,” he said.
This is a double-edged sword for companies. While a time frame of five years sounds great, giving plenty of time for preparation, we all know that organizations often neglect their security until it is already too late. Plus, IoT is already here, and there are quite a few early adopters who use healthcare, travel and other gadgets. The transport industry, hotels and many others are also slowly starting to use more and more smart devices and sensors in their daily operations.
“In preparation for IoT, companies should ensure they are patching their basic infrastructure, monitoring cloud applications and user bases, and developing secure mobile applications. Our research shows these are among the things that few companies are doing well,” Kawalec said.
According to Kawalec, these are the precursors to IoT and companies should get better at them quickly. Otherwise they risk huge issues when the IoT train gathers full steam. Companies will then find themselves poorly prepared for an entirely new and challenging paradigm in which intelligent devices, and threats to them, are everywhere.
Kawalec noted that typically companies show a “poor understanding of what their digital assets are and the likely cyber threats, as well as a poor understanding of the risk associated with adopting new technology and of new and emerging legislation”. It is an opinion that security experts have commonly shared for years now. Sadly, organizations don’t seem to be really trying to step up their game. At least not as fast as they should.
“As a result of these compressed development cycles, security requirements are becoming even more overlooked than they used to be in the past. The development imperative is time and availability, not security,” he adds. It is definitely an interesting point.
Even more challenging for companies is the shortage of qualified IT security specialists. There are not nearly enough of them to cover all companies, let alone more specific threats or challenges. As a result, top IT security employees are a sought-after commodity.
Image credit: Flickr (CC) / Dave Herholz