As more and more enterprises realise the potential and versatility of IoT its rate of deployment is growing exponentially. A report released by Vodafone earlier this year found that 34% of businesses worldwide are now using IoT — 70% of whom have moved passed the pilot stages.
The rapid rate of IoT uptake amongst enterprises looks set to continue, with market analysis by Zinnov predicting global spending on IoT technology-based products and services by enterprises to reach $253bn in 2021.
But with the IoT bandwagon rushing full steam ahead, few vendors or enterprises are pausing to consider the enormous risks around security and digital trust.
What about trust?
Figures from PwC’s Fall 2018 Digital Trust Insights survey revealed that while 81% of respondents said IoT was critical to their businesses plans for growth, only 39% were very confident they are building sufficient ‘digital trust’ controls into their IoT adoption. Furthermore, only 30% listed IoT security among the safeguards they plan to invest in this year.
According to TR Kane, cyber security and privacy partner at PwC US, it’s vital for enterprises and consumers to have the confidence they need in the security, reliability, and safety of these devices.
Does the UK need an IoT regulator?
“It is important to keep in mind that consumers will increasingly rely on IoT devices with their own physical safety; smart cars with internet connectivity are IoT computers that consumers will get inside of and depend on secure design to protect their lives,” he explained. “Similarly, connected and life-sustaining medical devices also need to be designed with security in mind. In the near future and with the proliferation of IoT devices, security weaknesses can result in potential scenarios such as injury or death. Traditionally, physical safety in this form has not been in the province of digital trust, but going forward, it will be.”
Why are enterprises not prioritising ‘digital trust’?
For Kane, it comes down to a lack of visibility among enterprises around what IoT devices exist in their digital environment. This is aligned with fundamental security hygiene of technology asset inventories.
“The tools available to discover IoT devices are nascent in the marketplace—existing security scanning tools are able to discover certain types of IoT devices, but not all,” he said. “Organisations need to achieve visibility into IoT devices in their environment before they are able to have a coherent strategy on risk remediation or mitigation.”
AI and IoT: two sides of the same coin
Kane also believes organisations that design and produce IoT devices seem to have different approaches depending on the nature of their products. For example, the secure design of a life-sustaining medical device calls for an approach that is vastly different from that of a smart light bulb, even though they are both classified as IoT devices.
He added: “The financial impact of unpatched vulnerabilities as well as regulations will continue to shape the priority of organizations that manufacture these products.”
What steps enterprises can take to grow ‘digital trust’?
According to Kane, market leaders have adopted a business-driven cyber security approach. PwC’s May 2019 Digital Trust Insights survey, found the top 25% of respondents — it calls them the trailblazers — are doing three things differently:
- aligning their digital business and cybersecurity strategies;
- taking a risk-based approach;
- coordinating among teams that monitor and manage risks.
“The trailblazers are achieving better business outcomes in digital initiatives, and they have higher expectations for growth compared to other businesses,” said Kane. “Companies that follow the example of the trailblazers will be in a better position to proactively manage cybersecurity and privacy risks as they adopt IoT and other emerging technologies.”
