According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.
As mobile and IoT devices become more and more important to the overall success of modern business, the inherent security vulnerabilities they bring to information technology infrastructures becomes more acute—and more dangerous. The enthusiastic, and somewhat reckless, embrace of BYOD mobile and IoT devices by so many businesses, all hoping to capitalize on employee mobile productivity, may have far-reaching and costly security consequences for all of us.
SEE: GDPR security pack: Policies to protect data and achieve compliance (Tech Pro Research)
According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That general lax attitude toward cybersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.
SEE: Special report: Sensor’d enterprise: IoT, ML, and big data (free TechRepublic PDF)
Businesses, regardless of size or technical sophistication, can’t afford to continue treating cybersecurity, especially with regard to IoT, as an afterthought. Besides the obvious costs of lost productivity from system downtime, there is a substantial potential for fines and penalties stemming from data loss and violation of privacy regulations. Whether you like it or not, cybersecurity must be a vital and integral part of your strategic plan.
Successfully implementing an IoT security plan of action requires the cooperation and participation of every member of an organization. Exceptions are vulnerabilities. TechRepublic premium sister site, Tech Pro Research, offers a ready-made Internet of Things Policy that your enterprise can use to develop its own comprehensive IoT security strategy.
The days of cutting security corners for the sake of a small measure of increased productivity are over. The risks of bad IoT policy—to your organization as well as every organization you do business with—is far too great for that reckless way of thinking to continue.
Do you have a formal IoT policy for your organization? Share your advice and opinions with your peers at TechRepublic in the discussion thread below.