The Internet of Things: There are no Great Rewards without some Risk

Mark Blower | Empired
The Internet of Things (IoT) has gone from being a futuristic buzzword to a business reality in a short time, and it presents significant opportunities for franchisors who can harness it’s capabilities and manage the associated risks.
The IoT refers to the plethora of connected devices that transmit data over the internet with little or no human intervention. There are already plenty of examples of IoT applications in use around the world. Home automation solutions have proven popular: for example, smart thermostats that learn the routine of a family and automatically adjust the temperature based on weather conditions as well as when the family is at home or out, sleeping or awake, etc.
Future applications could include things like smart parking systems, where a driver who enters a parking station is immediately notified of the location of available parking spaces, which are sent to the car’s GPS or smartphone. The driver is then guided directly to that spot. This can remove much of the stress and inefficiency associated with trying to find a carpark, particularly during busy times of the year.
Earlier this year, Gartner predicted that Australia will triple its use of IoT devices in the next three years. Throughout the world, there will be more than 20 billion connected IoT devices by 2020. The growth rate is phenomenal and customers will be responsible for 63 per cent of these installations, while businesses are responsible for the rest.1
IoT devices and sensors create myriad business opportunities. Importantly, they can help reduce operating costs. For example, smart sensors can change the settings of a restaurant based on how busy it is. So, rather than have the air conditioning on high all summer, and the lights simply on or off, smart sensors can tell the air conditioner to take a break when there’s not many people in the restaurant, and can dim the lights when the sun is shining bright. This reduces energy costs without impacting the customer experience.
For businesses that have inventory on hand or in storage, manual processes such as stock-takes will become a thing of the past because IoT devise can track inventory and identify changes, even going so far as to automatically order more stock when required.
With business experts united in their assessment that the IoT will help rather than hinder businesses of all types, the next question for many business owners is not whether to implement IoT devices but when, and what type.
However, the question most often overlooked by businesses is how to maintain strong cybersecurity in a landscape with so many billions of connections.
Each individual device creates a potential entry point for malicious hackers to target an organisation. The risk of being attacked now includes anyone plugging any device into a company’s network. This makes it difficult for businesses to secure their networks with any degree of certainty.
The risk is exacerbated by bring your own device (BYOD) policies embraced by so many organisations. Business leaders and IT managers are still struggling to manage employees’ desire to use their personal devices, including laptops and mobile phones, without control over the hardware or software installed, and limited password protection to safeguard valuable company information. IT teams struggle to offer the same level of protection across the many different devices plugged into the network.
IoT devices aren’t necessarily built with strong security in mind and many businesses simply connect them to the network without even changing the factory settings. This creates massive vulnerabilities in the network for hackers to gain access. They simply use an easily-available piece of software that scans the internet for devices that haven’t had their factory security settings changed. They can then use that device to launch a distributed denial of service (DDoS) attack. This approach has already brought down large sections of the internet.
Numerous IoT devices may be unnecessarily implemented by organisations that do not have a true understanding of security, introducing vulnerabilities for malicious attacks. For example, Empired recently had a customer whose point of sale system was attacked and customer credit card details were stolen. The hacker gained access through the air conditioning system, which was connected to the network for monitoring purposes. There are also famous examples of connected light bulbs providing easy entry points for malicious hackers.
Organisations must be cautious of any device connected to their network that is not considered a corporate device. For example, wearable technology such as watches and fitness trackers, plus closed-circuit television (CCTV), programmable logic controllers (PLC), and operational technology (OT) can all post a potential security risk if not properly secured. However, it’s impossible to secure these devices if the organisation doesn’t know they’re being connected. This means education is crucial to network defence.
To protect the network, businesses should implement a policy of nominated individuals who must approve how, when, and what technology can be plugged into the network. Employees must be frequently reminded of this policy.
It’s important for employees to understand that every device connected to the network has the potential to bring the company into disrepute by introducing risk and allowing hackers into the environment.
Organisations must constantly be on the lookout for anything that may be vulnerable and for new technologies to implement to ensure the company is protected against IoT connectivity hackers. At an absolute minimum, businesses should demand that the factory security settings of any device, whether an employee-owned or company-owned device, be changed. This includes changing device passwords and, where practicable, introducing two-factor authentication.
Franchisors should have policies and procedures in place to cope with breaches regardless of the source. They should follow an internal threat management process to mitigate the risk and prevent further breaches.
Mark Blower has more than 15 years’ experience working in the ICT industry with the last six years working as a national manager of networks and security teams, providing services to over 20 clients with more than 5000 network devices.
Empired provides information technology solutions across Australia, New Zealand and North America. Specialising in the design, development and integration of business knowledge, information technology and creativity, Empired works with organisations to improve productivity, empower staff, streamline and automate business processes, and deliver operational efficiencies for businesses in all industries.
08 6333 2200