Sure, you can make jokes about your microwave spying on you or your refrigerator launching a spam attack on a hacker’s behalf.
Except it’s not a joke.
IoT threat is real
When it comes to the Internet of Things (IoT), you can believe the scare stories, says KPMG International in a new report. While IoT will likely be bigger than most people think, success in the IoT space will take more than slick applications, connected devices, and advanced analytics. It will also require a robust approach to security, privacy, and trust, according to KPMG.
“We believe that the technology sector must come together with other vertical and horizontal players in the IoT ecosystem to create a unified approach to security and standards that everyone can live by, and grow with,” says Gary Matuszak, KPMG’s global chair, Technology, Media, and Telecommunications. “Today’s current state of fragmentation and competition on standards will only result in greater complexity for users and reduced growth for the sector.”
The KPMG report provides five key takeaways:
• IoT market is evolving. The IoT sector is growing rapidly and will likely undergo several iterations of transformation. Similarly, concerns related to security, privacy, and trust will also evolve and transform as the market changes. As such, security strategies should be broad-based to anticipate and respond to potential disruptions that could impact current market positions.
• IoT ecosystem plays a critical role in securing IoT.
Businesses should carefully evaluate their third-party suppliers, identify qualified partners, and invest in integrating security, privacy, and trust across the ecosystem. Businesses should consider different approaches to building the capabilities they require within the ecosystem including whether they can buy, build, partner, invest, or create an alliance to achieve their goals.
• Security must be built-in from the ground up with the customer in mind.
Consumers and business partners will expect security to be built into the system and so technology architects should follow an always-on principle that provides high levels of control with appropriate failsafe attributes. Given the scale and velocity of IoT growth, security vulnerabilities can become large liabilities to the company.
• Look for opportunities to drive value from security.
Security architects should reconsider the security models to identify potential to enhance the value of security. Consider, for example, using premium concepts of security, privacy, and trust to differentiate the product.
Security for IoT is not just about protecting valuable data, it’s also about finding opportunities to monetize the intelligence.
• Engage in industry and regulatory groups to accelerate the normalization and standardization of IoT.
Collaboration will reduce ambiguity and accelerate a company’s ability to launch products and services within a sustainable business ecosystem. At the same time, regulators will also need to participate in industry discussion in order to protect market and consumer interests. Technology companies should be proactive to help regulators to support IoT.
Growing evidence for concern
KPMG’s report underscores the potential risk in this relatively new facet of the internet.
This comes at a time when IoT is being held out as a strong plus for banks, specifically. As reported on www.BankingExchange.com earlier this year, a white paper by Accenture relates how the IoT will affect the industry:
“For banks the internet of things will deliver an unprecedented level of data and data-driven customer insight. This will allow banks to provide their customers—individuals and businesses alike—a truly bespoke experience, with insights, advice, and offers that reflect the day-to-day events in customers’ lives. The internet of things is the key factor that will enable a bank to fully transform into a bank of things.” [Emphasis added]
However, a study by Booz Allen addresses the IoT security threat: “With the internet of things, cyber risk now stretches across a third dimension. Employees may come to work with a compromised wearable device, or pull their hacked connected vehicle into the company parking lot. This creates a new type of cyber risk for organizations—with significantly increased complexity and exposure.”