Internet of Things Security Challenges: What Companies Need to Know

Nancy Anderson
Posted by in Technology


The Internet of Things opens up many exciting new opportunities for companies, but it also poses security challenges that businesses must address. By adding IoT devices to their networks, businesses grow susceptible to potential access points for hackers, which could put the organization at risk of a data breach. Companies must respond to these new security challenges to keep their customers' data safe.

According to a recent security survey by PricewaterhouseCoopers, 70 percent of IoT devices do not have fundamental security safeguards. The lack of consideration given to security in the design of some of these devices could leave them vulnerable to cyberattacks. Security experts have already identified security flaws in many consumer IoT devices, including fitness bands and even Jeeps and other Internet-connected cars. If these security flaws exist in consumer IoT devices, it's likely that the devices companies use to track their vehicles, control inventory and remotely monitor their businesses could also be vulnerable to attack.

Part of the problem is the number of different protocols that IoT devices use to communicate with each other. As recently as a few years ago, almost all devices in a business would communicate via Wi-Fi, which uses a protocol that has been revised through several generations to ensure it is secure.

Today, IoT devices can communicate via Bluetooth, ZigBee, near field communication and other wireless communication options. Some companies have even created their own protocols to allow their devices to communicate, such as Nike+, which connects Nike devices such as smart shoes to computers and phones. These new protocols may not be as secure as Wi-Fi, which means that hackers could find a way to intercept data while it is being transmitted between devices.

If hackers find a way to use IoT devices connected to a company's network to steal customer data, the consequences for companies could be severe. In recent years, several major companies, including Target, have experienced data breaches that resulted in a lot of negative publicity and expense, as hackers were able to steal huge amounts of potentially sensitive customer data.

Experts worry that IoT devices could unlock new opportunities for hackers to steal data as they are always connected to company networks. Human operated devices, such as smartphones and computers, require users to input passwords each time they connect to the network. On the other hand, IoT devices typically undergo a single authentication process, after which they are continuously connected to the company network. If hackers steal a connected device, they may be able to gain access to the wider network, which could allow them to steal data.

IoT devices allow companies to monitor and automate many aspects of their businesses, but they can also pose serious security challenges. Companies must address these security challenges to keep their customers' data safe from possible hacks.

Photo Courtesy of Steven Cooper at Flickr.com

Comment

Become a member to take advantage of more features, like commenting and voting.

  • Nancy Anderson
    Nancy Anderson

    Thanks @Chris and so very true. Technology changes so rapidly that it really is hard for companies to keep up. Companies do the best they can to maintain security and protect against data theft.

  • Chris Auman
    Chris Auman

    I have faith that as technology moves forward companies will find better ways to improve security. Unfortunately, that progress will come with a price tag: data theft. Trial and error is the only way forward and it will be a painful learning experience for many companies and their customers. The list of interconnected devices will only continue to grow and will one day reach areas of business and products no one has even thought of yet.

  • Nancy Anderson
    Nancy Anderson

    Thanks for the comments. @Ryan you are so right. IoT is not going away anytime soon and they certainly will need qualified cyber crime technicians. So if you are thinking of a new career, maybe this might be it. @Sylvia companies do their due diligence when an employee is terminated. Their information is removed including their access to the network or anything else they may have accessed. Companies do a pretty good job at protecting their information.

  • Sylvia L.
    Sylvia L.

    While security is a concern in any organization, I wonder how things like employees leaving impacts security with the loT devices. What measures must be taken to ensure that past employees (especially disgruntled ones) don't access company information once they leave? Has this system been around long enough to catch--and fix-- errors?

  • Ryan Johnson
    Ryan Johnson

    New technology always has potential drawbacks, but that doesn't make it any less useful or exciting. The author already highlighted an extremely important point in the comments section, which is that the concerns from this technology will ultimately result in the creation of new jobs for those in the cyber crime sector. Sure, the risk of hacking is there, but those who are not using the technology maliciously will benefit from added convenience, and there are always going to be trained professionals ready to step in and stop those who are looking to exploit others. I see this as a win-win, as is always the case with advancing technology.

  • Nancy Anderson
    Nancy Anderson

    Thanks everyone for your great comments. It is so very true that this technology is not going away - at least not in our lifetimes. For companies who want to continue growing and earning revenue, investing in their IT departments is the best way to go. Security risks abound with the use of all IoT devices and it's not going to go away. Countries outside of the US spend inordinate amounts of money to hire those techies who have the ability and knowledge to hack into companies' websites and clouds. For anyone who is looking at a possible career in IT, being in cybercrime or forensic science type fields is a great way to go. These devices will become more common and more readily available as times goes on. Remember back just about 10 years ago, when you would buy a computer, you would have to leave it with the store's tech department for them to "build" it. Today, you pick up a computer on the floor, take it to the register and then out the door you go. No tech person looks anymore since computers are more along the lines of plug and play. But how do we know that our computer is secure? Should we have to hire our own hacker as @Lorri suggests? Security issues are only going to increase and we, as consumers, have to be knowledgeable about the risks. And, if you are looking for a job maybe cyber security is your path for secure, stable work.

  • Hema Zahid
    Hema Zahid

    Companies that sell IoT devices need to set up their own security departments that work solely on protecting consumer’s data, if they haven’t done so already. The existence of these departments needs to be publicized and consumers should be able to easily access any recommendations these departments make. It’s all very well publicizing what the latest gadget can do, but it’s time companies and consumers focused on how secure the data on these devices are.

  • Lorri Cotton
    Lorri Cotton

    Having everything connected has its advantages. Data can be transferred from one device to another, and this makes working across platforms convenient. IoT does, however, have disadvantages. Hacking has become a full-time job and they can get into anything, if they work long enough at it. These aren't fatal flaws, however. Companies' IT departments will find solutions as problems arise. The problem is, the solution only comes after the damage is done. Being proactive is the key to keeping your networks secure. Address the security problems before they arise. Anticipate. Hire your own hacker, to test your system and find any security risks.

  • Jacob T.
    Jacob T.

    As we consider the security of connected things, I cannot help but wonder if these large companies, such as Nike, that do no specialize in technology, are agile enough to adapt to evolving threats. Data breaches and cybercrime happens at a speed that was unfathomable even two decades ago, requiring new methods of securing assets.

  • Tara Avery
    Tara Avery

    Since I don't see IoT devices leaving the scene any time soon, and, in fact, it seems very likely that more and more such devices will become common, the question of security really is an important one. Yes, companies need to be aware of potential security threats, and yes, I think there's a whole potential market for security services related to IoT devices, but--certainly at this point--the percentage of users compared to the percentage of people whose security is compromised strongly favors continued use of devices.

  • William Browning
    William Browning

    The security aspect of IoT devices represents an entire industry waiting to explode onto the scene. Any tech-savvy entrepreneurs looking for a great startup should think about going for cybersecurity and encryption businesses that can make these devices more secure. It's not necessarily about physically hacking into a device, but breaking through the wireless connection and cloud-based databases. If companies that rely on IoT devices use some common sense and invest in security protocols, these firms stand to jump to the front of the pack in terms of delivering results to customers and investors alike.

  • CATHERINE S.
    CATHERINE S.

    Unfortunately, most of the time it seems like a big cyberattack has to happen before companies will improve the flaws in their Internet of Things products. I think we really take for granted how trusting we are with using our personal information with these devices. The only way for things to improve in terms of these security challenges is for consumers to become more knowledge about these topics and research the products with the best security features. Thank you for this very informative article.

  • Jay Bowyer
    Jay Bowyer

    As technology gets more advanced and more things are connected to the Internet, companies (and independent security experts) need to focus on keeping data secure. Maybe the need for research into more effective security measures will create a whole slew of new jobs? I can imagine that the number of connected objects will only increase, because it's a convenient feature, after all.

  • Nancy Anderson
    Nancy Anderson

    Thanks for the comments. Not sure what the best reassurance would be. We never really think that we could buy something in Target and use our credit card only to have our information hacked and sold to the highest bidder. I think that the only way to protect ourselves is with common sense. Make sure that you have virus protection on all of your devices. Only use sites that are secure and never purchase from unknown sites until you have really researched them.

  • Shannon Philpott
    Shannon Philpott

    I think that security has been and always be a primary concern for customers and businesses. When looking at the big breaches in the past few years (Sony especially), it makes many customers uneasy about creating online profiles, making payments online, etc. We need more reassurance that the technology we are using is safe and secure, even if it is much more convenient.

  • Katharine M.
    Katharine M.

    Is there anything consumers can do to protect themselves? It sounds like technologists are doing their best, but in the meantime are there any basic safety tips that consumers can adopt? Honestly this is something I haven't thought about much and it's kind of unnerving...we all have a million devices these days.

Jobs to Watch