One of the biggest phrases going around the industry over the past year or so was “the Internet of Things.”
While that sounds impressive, the idea is catching on, but when anyone talks about the Internet, the next phrase someone should use is “the Security of the Internet of Things.”
“The Internet of Things is not just a buzzword, nor is it merely a vision of the sci-fi future. It’s already happening, in every sector of the global economy. Self-parking cars, autonomous drones, smart meters talking to smart appliances in the home, HVAC systems in commercial buildings, wireless-enabled medical devices and wearable fitness gadgets are all examples. Ubiquitous embedded software, often vulnerable and even unpatchable, enabled by 24/7 wireless connectivity, creates an unprecedented level of interconnectivity and complexity,” said SANS Analyst Gal Shpantzer. The next concept moving forward is security.
That is why SANS unveiled results of its “2013 Securing the Internet of Things” survey, in which 391 IT professionals answered questions about the current and future security realities of the Internet of Things (IoT).
In the survey, almost 60 percent of respondents fully understand and find the Internet of Things relevant to their companies and jobs; 43 percent of respondents are already actively working to secure some of these types of “Things” in their environments.
“The SANS Securing the Internet of Things survey results show that the security community is already aware of the challenges the IoT will bring and that those challenges will require both the evolution of existing security controls and the development of new security processes,” said survey author John Pescatore.
Survey respondents seem most concerned about device connections to the Internet (50 percent), followed by vulnerabilities associated with the command and control channel to the device’s firmware (24 percent), with another 9 percent concerned about the firmware itself.
While it’s clear that most organizations are preparing to embrace the IoT, 50 percent of respondents were not ready to secure an ecosystem of “Things,” and while they acknowledge their IT staff is responsible for securing their Things, they expect vendors to play a critical role in security of such devices as well.
“Security managers will hold the manufacturers of “Things” to higher levels of responsibility for security than they required for PCs and servers,” Pescatore said.