How IoT Cybersecurity Can Make or Break a Business

The Internet of Things (IoT) offers huge potential for both businesses and consumers. By 2020, Gartner predicts that 20.4 billion connected devices will be in use.

While this figure and IoT’s exponential growth rate are impressive, it’s important to not lose sight of one of the technology’s biggest concerns: cybersecurity. Let’s examine how this issue is already affecting the IoT industry and anyone who comes into contact with it.

Extraordinary Risks for Everyone Involved

IoT development is expanding into more industries every day. In turn, this is opening up unprecedented opportunities, benefits—and vulnerabilities. Because of the proliferation of IoT devices, security breaches have more avenues to occur than ever before.

Whether it’s virtual voice assistants, home security systems, washing machines, simple key fobs, or powerful manufacturing robots, everything is susceptible to hacking. But even though they’re aware of this monumental problem, companies consistently come up short on a solution. There are many reasons for this.

The hard truth is that many IoT organizations treat security as an afterthought. And it shows in their actions. When it comes to cyber risks and breaches, most businesses take a reactive approach; their attention on the matter only comes after the attack.

With this being said, it’s no surprise that many companies treat their IoT strategy and implementation with the same level of care. Most consumer product companies see security as a place to cut costs and boost profits. After all, it’s convenience that keeps customers using their products.

As a result, while other facets of the technology have improved and flourished in recent years, IoT security has seen very little progress. This dangerous money-saving tactic and misdirected effort only lead to one conclusion: someone, whether it’s the companies or the consumers, will pay the price in the long run.

Nobody Wins a Race to the Bottom

Darren Guccione is the co-founder and CEO of Keeper Security, a password manager. He says that companies that fail to protect their information can end up suffering some irreparable consequences: “Because they secure sensitive, personally-identifiable information, a company is a fiduciary of that information. That means they have a fiduciary responsibility to safeguard that information. Failure to do so, especially for a small to medium-sized business can be catastrophic.”

Guccione estimates approximately 60% of small companies that fall victim to a data breach go out of business in 6 months. And while larger organizations don’t have to shutter their doors right away, they do experience irreparable brand damage, a drop in customer loyalty, and expensive litigation costs.

To see this in action, look no further than a recent incident involving to manufacturer CloudPets and Walmart, eBay, and Amazon. After it was discovered that two million recorded messages from CloudPets’ connected teddy bears were susceptible to being breached, all three of the retailers pulled the product from their shelves.

Robert M. Lee is founder and CEO of industrial cybersecurity company Dragos Inc. He’s also a former U.S. Air Force cyberwarfare operations officer. Lee believes cost is the main culprit to blame. “Many IoT vendors have completely sacrificed security to lower cost. Instead of building security in as we already know how to do, IoT vendors are compromising on it.”

G. Mark Hardy, an instructor on cybersecurity and president of Seattle-based National Security Corporation, agrees. And he doesn’t see this issue changing without establishing standards: “As most devices use IP (internet protocol) for communications, it is unlikely that a proprietary standard will emerge. That suggests a ‘race to the bottom’ in manufacturing and marketing costs for most IoT technology in the absence of enforceable patents.”

Misdirected Efforts

When cost isn’t the main issue, a lack of corporate understanding and oversight are often there to take its place. The National Association of Corporate Directors (NACD) recently conducted a survey of 500 public company directors. Only 52% were confident they understood cybersecurity risks efficiently enough to oversee their management. But that’s far from the only alarming statistic.

In 2017, IDC led a survey of 600 organizations that each employed more than 500 people. More than half of the participants experienced at least 10 security incidents each week. But 75% admitted to not having an official incident response plan in place.

“We need to have an ‘always present,’ ‘always on’ mentality, but people don’t think about it until they encounter an event,” says Ted Schneider, CTO of resource management solution provider ARCOS LLC.

Some experts argue that fixing this requires more focus on combining physical security and cybersecurity so that systems can be managed more easily. “By managing security holistically, companies improve coordinated response and recovery,” says Hardy.

But Lee disagrees with this; to him, the resource misdirection comes from companies thinking enterprise IT and industrial security are the same thing. “There needs to be an awakening that almost every company is an industrial company,” Lee explains. “As we connect more and more with IoT, we’re opening up risks.”

The Potential for Profit or Peril

The opportunities that IoT brings for both companies and consumers is undoubtedly immense. But when companies skimp on cybersecurity investments, they’re failing to invest in properly protecting their customers, and in turn, protecting their business’s future.

Proper understanding and oversight are required to drive IoT security resources in the right direction. And accountability is needed to make tangible improvements happen.

Emerging startups and companies that tackle this looming security crisis stand to provide profound market value. And there is no shortage of them trying. Current endeavors include systems that combine physical and cybersecurity into one dashboard-like interface as well as an AI that streamlines monitoring activity.

It’s unclear at the moment which route is best. But one thing’s readily apparent: Whoever accomplishes this will become critical to the future of many companies and provide peace of mind to millions of individuals.