Study: Rush to connect to Internet of Things could open security gaps by Ally Marotti

23/02/2016 07:32

The rush by companies eager to incorporate the Internet of Things in their operations could introduce potential cybersecurity threats, according to a study released Monday.

Eight-five percent of businesses are exploring or implementing connected devices, but only 10 percent of companies surveyed are confident in the security of those devices, the AT&T study found. The study surveyed 500 companies around the world with at least 1,000 employees.

The Internet of Things refers to the growing number of devices connected by the Web to users and to other devices. Home thermostats controlled by an app or Web-linked refrigerators were early examples. But companies are using connected devices to increase efficiency. A logistics company may track the temperature inside a container of perishables, for example, or a health care company could monitor a diabetic patient's blood sugar level. 

According to the survey, only 14 percent of companies looking at or already using connected devices have auditing processes in place to track those devices and their security. 

Jon Summers, senior vice president of advanced solutions at AT&T based in Dallas, said corporate leadership should be thinking about cyber security long before a business starts using its first connected device.

“The data needs to be secure whether it’s sitting in the cloud somewhere or in transit between the (Internet of Things) device and the cloud,” he said.

AT&T is among the companies looking for a piece of the security consulting and threat analytics business, and sells products that secure connectivity to the cloud.

The economic value created by the Internet of Things could be worth as much as $1.1 trillion — about 11 percent of the global economy — by 2025, according to a 2015 study by consultant McKinsey & Co. And by 2020, 50 billion devices are expected to connect to the Internet, according to a separate AT&T study.

Yet the Internet of Things is still very young and mysterious to users, said Colm Lennon, founder of Haka Products, a Chicago startup that helps companies take new products and innovations to market.

“There’s a lot of tinkering going on, and there’s a lot of experimentation,” Lennon said. Companies “don’t understand how to securely connect to a device, secure the data and make sure an intruder can’t use that device to ... do harm.”

Lennon said he's seen few businesses plug into the Internet of Things in a secure way. Those that do bring together employees and leadership throughout the company, bridging gaps between departments.

Only 17 percent of companies surveyed in the study involve their boards of directors when considering IoT security, which is crucial, Lennon said. Without leadership involved, departments vital to the security of connected devices will fail to work together. For example, he said, security teams need to work with the IT department to securely deploy and monitor new technology. 

“All of the roles in this connected Internet of Things space, they have to really work closely together if the company wants to innovate at great speed but also innovate with the intent of doing so to protect their customers, to protect themselves and to protect their partners,” he said. “It can’t just be engineering running with this thing and learning it on their own.”

amarotti@tribpub.com  Twitter @allymarotti

Copyright © 2016, Chicago Tribune