Channel needs to highlight IoT security issues

The growth in the Internet of Things should be making more users worried about security according to Tripwire

There are two sides to the Internet of Things coin with on one a great excitment about the possibilities connecting everything online could deliver and on the other worries about security and the ability of the infrastructure to cope.

There is no doubt that IoT is going to be one of the main themes of the year and it dominated some of the keynotes from the likes of Sony and Intel at the Consumer Electronics Show in Las Vegas earlier this month.

IoT takes things on from BYOD because this is not only about a wider number of devices, including cars and heating systems, but involves extending the digital reach not just at work but also at home. The blurring of the lines that began with the iPad and smart phones will increase further in the next couple of years.

Bearing that in mind it is perhaps of little surprise that most enterprises are not only expecting to have to accomodate IoT because of the efficiency and productivity argument but just shy of half are also worried about the security risks.

That leaves a large portion apparently not too bothered about the connection of more devices to the enterprise network and a potential job for the channel to do on the education front.

According to a report from security player Tripwire, which quizzed executives in both the UK and US, among those that do acknowledge that there could be data protection issues there are fears that IoT could introduce significant risks into the enterprise as well as concerns that the current defences are inadequate.

Tripwire's research will add to a growing number of warnings that the new way of working is posing its own security risks and the challenge to enterprises is not going to get any easier.

“It’s far more likely that employees will be infected with malware outside the enterprise. Employees routinely use smartphones and tablets on untrusted networks. They download suspicious apps from third-party app stores and then connect to the corporate network over a cheap home router with dubious firmware. The risk of cross contamination from home networks can be very serious unless security controls are enforced. Unfortunately, most people assume that virtual private networks (VPNs) solve all remote connection problems, but this is just not true," said Craig Young, security researcher for Tripwire.

"While consumer-focused IoT devices present minimal direct risk to the enterprise, many of them connect back to a vendor’s infrastructure via the Internet to store user data. Successful attacks against these backend infrastructures provide attackers with user credentials and other information that could enable them to gain a foothold into an employee’s home network," he added.

Meanwhile more evidence has arrived indicating that firms must continue to worry as much about the internal threat as that coming from cyber criminals with 30% of the data breaches in the first half of last year coming as a result of an internal problem.

“All too many businesses imagine threats to their data emanate solely out of the criminal underworld, and are therefore beyond their reach or control. The impact of this is a defeatist attitude: If would-be hackers are bent on accessing my company’s data, what can I really do to stop them? Those threats do of course exist, and indeed are growing, but the most prominent and pertinent threats to businesses’ data relate to human error and data hygiene," said Richard Pharro, CEO of APM Group.

"Cyber security is now an essential part of our interconnected business world and requires the full attention of senior management as pressures increase and mobile integration advances," he added.

Read more on Network Infrastructure Solutions and Services