IBM Institute for Business Value Releases Report on IoT Security

The report outlines the vulnerabilities that industrial and utility companies face from the Internet of Things—and how to mitigate them.
Published: March 19, 2018

PRESS RELEASE:

The IBM Institute for Business Value launches a report on the ‘Internet of Threats,’ outlining the vulnerabilities industrial and utility companies face from the IoT, and how they can mitigate these.

The IoT market is projected to grow from an installed base of 15 billion devices in 2015 to 30 billion devices in 2020 and 75 billion in 2025. While IoT technology is used to enhance productivity, solve problems, create new business opportunities and operational efficiencies, security was an afterthought for many early generation IoT applications, creating vulnerabilities in the network and the potential for industrial process interruption, manipulation or espionage.
It’s an ongoing concern today. The IBM Institute for Business Value report found 36 percent of executives saying that securing an IoT platform and its devices is a top challenge for their organisation, while only 10% of those who have implemented IoT are continuously monitoring IoT traffic to find anomalies and assess vulnerabilities.

The report found that most industrial and utilities organisations are in the early stages of adopting practices and protective technologies to mitigate IoT security risks, however only a small percentage have fully imple¬mented operational, technical and cognitive practices or IoT-specific security technologies. Encryption (21%), network security and device authentication (23%), as well as security analytics (17%) were some of the key technologies being used for IoT security.

Some of the top recommendations from the report include: establish a formal IoT security programme. Follow an operational excellence model of people, process and technology to build IoT security capabilities; understand each endpoint, what it does and who it talks to. Every IoT endpoint must be identified and profiled, added to an asset inventory and monitored; know when and how to be proactive. To prepare an effective response to cyberattacks, carry out breach simulations, regular field and plant situational awareness and engage in security operation centre monitoring.