CFOs, the Internet of Things, and Cybersecurity

The Internet of Things (IoT) is sure getting a lot of headlines these days. And, according to consulting firm McKinsey in their 2015 report An executive’s guide to the Internet of Things, it’s not just hype. But are we ready to slap an IP address on everything in sight? Isn’t that essentially what we did twenty years ago after we all first saw NCSA’s Mosaic web browser?

Based on what I’m seeing, it feels like we’re having to learn our cybersecurity lessons all over again.


McKinsey says there’s a lot of business-to-business value the IoT can unlock:

…business-to-business applications will account for nearly 70 percent of the value that we estimate will flow from IoT in the next ten years. We believe it could create as much as $11.1 trillion a year globally in economic value in nine different types of physical settings. Nearly $5 trillion would be generated almost exclusively in B2B settings: factories in the extended sense, such as those in manufacturing, agriculture, and even healthcare environments; work sites across mining, oil and gas, and construction; and, finally, offices.

As I read through their report, I kept looking for the cybersecurity advice and finally found it at the bottom of the article. That section is a bit thin, but useful. Here’s an excerpt:

IoT poses not only the normal risks associated with the increased use of data but also the vastly greater risks of systemic breaches as organizations connect to millions of embedded sensors and communications devices. Each is a potential entry point for malicious hackers, and the damage from a break-in can be literally life threatening—disrupting machine-control systems on an oil rig or in a hospital, for example.

If I were managing the risk of IoT for my organization, I would purchase from suppliers that have already baked security into their products. The know-how exists; suppliers just have to implement it. Otherwise, you will have to add it on post-deployment, which is risky, expensive, and very difficult, with no guarantees.

But then, based on our experiences living on the Internet for so many years, you already knew that, right?
