The Internet of Things (IoT) is sure getting a lot of headlines these days. And, according to consulting firm McKinsey in their 2015 report An executive’s guide to the Internet of Things, it’s not just hype. But are we ready to slap an IP address on everything in sight? Isn’t that essentially what we did twenty years ago after we all first saw NCSA’s Mosaic web browser?
Based on what I’m seeing, it feels like we’re having to learn our cybersecurity lessons all over again.
McKinsey says there’s a lot of business-to-business value the IoT can unlock:
…business-to-business applications will account for nearly 70 percent of the value that we estimate will flow from IoT in the next ten years. We believe it could create as much as $11.1 trillion a year globally in economic value in nine different types of physical settings. Nearly $5 trillion would be generated almost exclusively in B2B settings: factories in the extended sense, such as those in manufacturing, agriculture, and even healthcare environments; work sites across mining, oil and gas, and construction; and, finally, offices.
As I read through their report, I kept looking for the cybersecurity advice and finally found it at the bottom of the article. That section is a bit thin, but useful. Here’s an excerpt:
IoT poses not only the normal risks associated with the increased use of data but also the vastly greater risks of systemic breaches as organizations connect to millions of embedded sensors and communications devices. Each is a potential entry point for malicious hackers, and the damage from a break-in can be literally life threatening—disrupting machine-control systems on an oil rig or in a hospital, for example.
If I was managing the risk of IoT for my organization, I would purchase from suppliers that have already baked security into their products. The know-how exists; suppliers just have to implement it. Otherwise, you will have to add it on post-deployment which is risky, expensive, and very difficult with no guarantees.
But then, based on our experiences living on the Internet for so many years, you already knew that, right?