Everyone’s a cyber guardian

Taking control of self-driving cars, stealing data from movement sensors, etc. The IoT makes cybersecurity more relevant than ever. The difference between you and your competition? A reliable cybersecurity strategy.

Why are security risks increasing exponentially?

The rising number of connected devices worldwide, from 20 billion to 30 billion by 2020, is generating more and more data of value to cybercriminals. In addition, the number of endpoints (i.e. vulnerable points) within one company network can reach millions these days, often with outdated devices which have little if any protection. What is more, the responsibility of the company does not end with the sale of a product, but continues throughout its entire life cycle.

In the past, the contract between a company and its customer or product came to an end after a warranty period, for instance. Today, companies constantly generate data from their products and services and process information. Moreover, the nature of connected objects means that incidents not only pose a threat to the privacy of customers or companies. Cyberattacks can even cause health problems relating to pacemakers, for example.

Are we lagging behind?

In many companies, the idea prevails – albeit wrongly – that it is still too early to take precautions regarding the security risks of the IoT. In addition, there is often a great deal of uncertainty about responsibilities: if you distribute a product manufactured by your supplier – often in a different country – are you responsible for cybersecurity or are they? And if your company is responsible, which department should take care of this? Is it the IT department? Or customer services? Or is it a matter for sales?

Cybersecurity in your business model

IoT functionality is now a decisive factor at product level and impacts on your entire business model. In the near future, this will only be considered positive if the relevant cybersecurity aspects are under control, as well.

Here are a few starting points to develop a fully-fledged IoT security approach:

It is important to correctly assess the relevance of IoT security and to recognize and identify the main risks in advance. So it is sensible to chart the most likely attack scenarios. This information can then be used as a basis on which to develop a further strategy. Remember that an unprofessional response to an attack can cause more damage than the attack itself. Companies that suffer an IoT security problem do best to communicate this quickly, openly and transparently.

A minimum IoT security level is obviously necessary in any company department. But clear agreements must be made about the responsibilities as regards IoT security throughout the entire supply chain of products and services. It is best to organize strategic discussions on hard- and software, network infrastructure and applications (interfaces, access for customers) with all parties involved, from suppliers to customers.

Security begins with the right culture and technical knowledge. Security specialists within a company must be up to date with the work of the product developers, the production itself, etc. At the same time, production specialists must have an idea of IT security. It’s a question of pulling down silos and setting up your strategy across the departments.

Facts:

Organizations that use cloud technology or the Internet of Things (IoT), report greater returns from the way they use cybersecurity.

IoT adopters report a 24% increase in financial benefits from having strong cybersecurity including improvements to their business agility.

Source: ‘Cybersecurity: The Innovation Accelerator’, a cybersecurity report by Vodafone