The holiday season usually means new tech gadgets for everyone to tap, swipe, click, and download. Most people who unwrap a new iPhone, MacBook, smartwatch, Fitbit, or game console probably aren’t considering the ramifications of connecting those devices to the Internet and setting up new user accounts filled with their personal information. Unfortunately, we live in a time where we have to, or at the very least, should.
The Internet of Things (IoT), which is essentially comprised of any device that can connect to the Internet, exposes consumers and companies alike to cyber risks that are both difficult to identify and challenging to mitigate. Many of these devices become part of a person’s everyday life – and rightfully so – as they could offer convenience, comfort and safety. However, people are not only using them at home. They are also bringing them into the office, connecting them to the company network and never thinking about the potential vulnerability to the organization and its customers.
Gartner Inc. forecasted that “6.4 billion connected things will be used worldwide in 2016.” They expect that number to grow to 20.8 billion by 2020. With these numbers in mind, companies must be extremely proactive in their approach to defending their networks against “rogue” devices. Any hole in security potentially opens millions of records up to a cyber breach and can cause business interruption, supply chain issues, revenue loss, reputation damage and even property damage or bodily injury. Imagine particularly malicious hackers who decide to tamper with medical equipment, power grids, GPS-controlled automobiles or aircraft, etc. Because all of these devices are connected to the Web, they are all accessible.
While it may seem almost impossible to defend against the exposures presented by the IoT, it is critical that organizations identify them when assessing cyber risk. As with all cyber risk, the burden of risk mitigation does not fall onto IT alone. In addition to an expert review of your organization’s insurance policies, the C-Suite should consider an Enterprise Risk Management (ERM) approach to identifying, qualifying and quantifying cyber risk, and determine mitigation strategies to thwart exposures such as those presented by the IoT. Enterprise Risk Management is there to reduce surprises, increase certainty and awareness, and document steps taken to mitigate exposures.
The Internet of Things shows enormous potential for better connecting people and monitoring/controlling machines, but the risks cannot be ignored.
For more on Enterprise Risk Management, please visit the ERM section of our blog or see an article I co-authored with our Managing Principal, Albert Sica, “Cyber Strategy and Enterprise Risk Management (ERM).”