Developing an IoT Security Strategy for the New Year

In PwC’s recently released 2018 edition of The Global State of Information Security survey, the internet of things (IoT) becoming increasingly ubiquitous means that the security of IoT devices is going to be one of the most important topics of 2018. In their survey, 67 percent of respondents (taken from a sample of 9,500 executives in 122 countries and over 75 different industries) have an IoT security strategy already in place or are in the process of implementing one. Some of the most popular policies and strategies include the following:

  • 36 percent of respondents have implemented uniform cybersecurity standards and policies across all IoT devices and systems
  • 34 percent implemented new data collection, retention, and destruction policies
  • 34 percent of responders have implemented a system to access devices and interconnect systems across the business

There are a number of security issues presented by IoT devices. These are some of the most pertinent safety challenges that businesses face:

  • Many embedded devices are mass-produced; if a cyber attack is successful against one device, it can be replicated across all devices.
  • Current embedded devices are only just starting to implement security measures, so there is a lack of precedent to start from and build upon.
  • Many of these devices are not easily patched or updated, as their specialized operating systems likely do not have automated capabilities or the necessary storage.
  • IoT devices typically have a much longer lifestyle than their predecessors, which means that the devices will need to be capable of withstanding cyber attacks for fifteen or twenty years in a rapidly-shifting landscape.

In summary, while these devices represent a number of potential improvements to businesses across countless industries, it is absolutely necessary that every business implementing these devices have a security strategy to prevent potentially compromising their entire operation. The Department of Homeland Security suggests identifying and authenticating any device connected to the network, performing “red-teaming” exercises to assess the needed security measures, and ensuring that there are controls in place that will allow the device’s consumers to enable selective connectivity, which can protect the network in the event of one device being compromised. In addition, a Cyber Liability/Privacy & Network Security insurance policy will provide a further line of defense in the event that your software is breached.

About Axis Insurance Services

At Axis Insurance Services, we aim to help our customers identify their exposures and protect themselves. Founded in 1999, we offer insurance programs to a wide variety of professionals and industries including attorneys, real estate, healthcare, architects, and more, and also have a wholesale division. We pride ourselves on offering flexible insurance coverage tailored specifically to each customer’s needs. To learn more about our solutions, contact us at (201) 847-9175 to speak with one of our professionals.