Internet of Things – The Risk Isn’t Just to Security
There are an increasing number of articles in the business and technical press about two inter-related topics – Internet of Things (IoT), and Big Data (the analytic community, not I, capitalize the moniker). Basically, the thrusts of the articles are:
- IoT (The Internet of Things is the network of physical objects—devices, vehicles, buildings and other items—embedded with electronics, software, sensors and network connectivity that enables these objects to collect and exchange data) – The potential for productivity increases is enormous, possibly the advent of a new industrial revolution
- Big Data (the analysis of massive amounts of data in the belief that it will yield highly profitable insights) – The analysis of the data that is available or becoming available through the IoT, and Internet data collection, can yield enormous increases in both salable services and consumer insight.
I think that both of those statements contain some basic truth. I also think that there is another side of the coin for both IoT and Big Data. The Internet of Things involves embedding data collection devices in all kinds of industrial and consumer tools/items (I’m including things like refrigerators, thermostats, lathes, conveyor belts, bearings and brake shoes – almost anything you can think of). These data collection devices collect data and relay it, via the Internet, to a service provider. For example, your brand new Mercedes/Ford/Kia might have a sensor embedded in the oil sump. If the sensor detects a pre-determined level of metal particles in the oil, the sensor reports that to the car’s central computer, which reports it to your dealer, and lets you know that you need to have your engine serviced. Your dealer sees the report and orders a diagnostic that is run by your car’s central computer without you having to come in. Your computer (I’ll call it Hal in this example) uploads the results of that diagnostic to the dealer and he checks availability of bearings or rings or whatever is making the metal particles (as reported in the diagnostic upload). You link to the dealer, via an app in your car’s system, make an appointment and take the car in. The parts are there and ready – presto. Turn around time is minimal and you’re back on the road. Cool.
The problem is that there are many ways in which the data uploaded from your car’s central computer can be intercepted by unfriendly lurkers on the Internet. Locking on to that stream, they (the lurkers) could see when you will be out of your house and, using information hacked from your car, get your address and liberate your Internet-connected HD wide-screen TV and great grandma’s pearl necklace.
Further, Big Data analytic techniques will become available to hackers (if they aren’t already) and they can use those techniques to develop patterns of behavior and schedules for attractive targets. This will make burglary more productive and efficient – see, the Big Data folks are right – Big Data can improve productivity.
For businesses the problem can be even worse. IoT sensors in your production line can provide an entry to your entire corporate network, creating avenues of access to your human-resources records, your financial records, your financial accounts, your authorization processes and even your intellectual property. Then, Big Data techniques can, again, make the hackers more productive by teasing out patterns within your data that makes it easier and simpler (and less detectable) for them to compromise (the technical term is “rip you off”) your corporate viability (ransomware, stealing IP or PII).
Cyber security is a major deterrent against cyber crime – crime that is being, unintentionally, enabled by the IoT and Big Data. Companies and individuals must deliberately and thoroughly consider cyber-security when purchasing and installing IoT-kinds of devices. Does the device have security “designed in”? Can “you” control the security settings of the device? Can you control the device’s access to the Internet?
After all those questions are asked and answered, it remains important to have a plan in place to guide you when (not if) someone successfully penetrates your network. As with all disaster preparedness, it is most important to think. Predict.Plan.Perform.®
Test your cyber-security plans on May 25 from 2-4 p.m. by participating in a Firestorm Virtual Cyber Exercise. The 120-minute interactive exercise, designed for organizations of all types, will stress-test leadership team response in a simulated cyber-crisis. The panel of experts will guide participants through a series of escalation events, with participants applying their own crisis management and cyber-breach response plans to each stage. The scenario includes time for participating teams to analyze and work through the problem. Learn more about the Virtual Exercise and register your crisis-response team.