With public health and safety as a top priority, the RSA Conference 2020 decided to reimagine its annually sought-after event into a global virtual learning experience. While we are uncertain as to when international events and travel will be back to normal, virtual events are now ensuring the show goes on. The conference discussed a variety of topics with speakers from various enterprises.
Arthur Fontaine, Solution Strategist at RSA, presented the best practices for managing risks in the era of IoT. As the IoT market continues to grow, it is estimated there will be 25 billion devices by 2025, with the market's expected value at US$1.1 trillion in 2026. At the same time, 58% of organisations would have well-developed IoT initiatives.
The increasing number of devices will surely bring increasing concerns for organisations as well. Arthur pointed out that while IoT has its benefits, some specific challenges and risks come with it. Be it IIoT, IoMT, smart cities or smart homes, all IoT devices would be at risk and need to be kept compliant by addressing policy issues. These include regulatory requirements, digital privacy issues and data security concerns.
“IoT will be involved in all of your digital risks. No matter what problem area you’re attacking, there’s going to be an IoT component to that. For example, DDoS attacks. Connected devices like CCTVs can be recruited for attacks”.
With that said, there are critical innovations for IoT which organisations can consider. The first one is edge computing. Arthur explained that gateways and servers create a middle layer between IoT devices and the cloud. Edge computing allows data processing, data analytics and machine-to-machine communication at the edge, which in turn keeps any risks from affecting the cloud.
Secondly, IoT devices need to have standards and frameworks. As businesses use purpose-built devices for single applications, they need to ensure these applications run reliably with low downtime. Businesses also need to ensure their devices do not come pre-installed with any applications, patches or vulnerabilities that may lead to problems. This includes identifying a core baseline of IoT device cybersecurity capabilities for manufacturers.
For IoT security and risk managers, Arthur recommended that they make IoT part of their risk and security plans.
“You need to treat it like any other digital risk, engage the right functional areas and address the ‘kudzu’ of freely deployed devices”.
They also need to empower IoT use with risk and security controls. Security and risk managers should encourage the use of IoT when appropriate, but ensure security and risk reviews are in place for it and create a playbook for the deployment and management of IoT devices and systems.