Our resident expert David Mudd, Business Development Director, IoT shares his insights…
Unless you’ve been hiding under a rock, you’ll recently have heard more than the odd mention of the ‘Internet of Things’ (IoT). If you’re already up-to-speed on IoT, look away now… If not, let me explain a bit more about the potential risks and rewards IoT brings to businesses.
What is IoT?
IoT is all about Internet-enabled machine-to-machine communications. But it means more than just connected devices. It is the free exchange of data and discussion/interaction between machines, encompassing machine learning, artificial intelligence, data analytics and machine-to-machine decision-making.
Lost you already? Well, here’s a simple example. Rather than you controlling your lights and heating through your phone, IoT allows the devices in your home to ‘learn’ your habits and preferences, monitoring temperature and daylight, checking on the weather forecast, analyzing gas and electricity prices, and providing you with your ideal environment at the most cost-effective price – without you having to think about it.
The same model applies for businesses. IoT takes the fallible human out of the loop wherever possible, creating improved outcomes at lower cost – and this is where its disruptive benefit lies.
Risk and reward
IoT brings both potential risks and rewards. On the reward side, it offers the prospect of digital transformation of organizational performance and customer/user experience. And this is already underway across manufacturing industry, consumer products and retail, with the majority of business leaders recognizing IoT as strategic to their future.
On the risk side, key threats for IoT are data theft and Distributed Denial of Service (DDoS) attacks, highlighted in May by the WannaCry ‘ransomeware’ cyber attack, which targeted computers running Microsoft Windows by encrypting data and demanding ransom payments in Bitcoin.
Now, an arguably even greater threat lies not in mere denial of service, but in destruction of service (DeOS). In its latest cyber security report, networking giant Cisco warns of a coming wave of computer viruses capable of eliminating organizations’ back-ups and safety nets, destroying businesses in one fell swoop.
“The DeOS breed of virus benefits from the growth of the Internet of Things, which increases ‘attacks surfaces’,” says Cisco. It points to the increasing number, size and complexity of attacks and the relative vulnerability of unwieldy systems with a proliferation of devices, operating systems, connectors/connectivity, versions and protocols.
Need for assurance
In the face of such threats, organizations need the assurance of robust information security – standards that are not merely valid at the time of the last update, but provide ongoing, lifetime resilience.
Through a collaborative approach based on extensive dialogue with all our stakeholders, BSI has developed a solution, the IoT Kitemark, which offers four key strengths. It is:
- Appropriate – risk-based and dependent on use/environment
- Flexible – with a tailored ‘pick list’ of solutions from master scheme
- Adaptable – evolving with technologies, threats and standards
- Comprehensive – covering supply chain, installed systems, and cloud layer/applications.
Feedback on the Kitemark has been very positive so far, with our clients saying it’s what they need. We’d be delighted to hear your views on it as we develop the concept further.