Conclusion:
Your call to action

Conclusion: Your call to action

It's easy to feel overwhelmed by the scope and complexity of the fast-materializing IoT era. You can, however, begin to reduce that complexity, first by understanding the security implications that connected devices introduce and then by building a framework for securing your IoT ecosystem.

As your organization inevitably moves into the brave new world of the IoT, we'll leave you with four questions — based on our framework for securing IoT deployments — that every CEO should ask his or her team about securing the IoT.

1. Have we done an all-inclusive risk assessment that considers the IoT as a part of our overall risk?

Identify the types of risks — data and physical/operational — that every IoT deployment introduces. This will help you to apply security controls that are commensurate with each level of risk. Regardless of the device type, every connected device should meet baseline security requirements.

2. Are our data and connected devices secure when deploying new IoT solutions?

Whenever possible, isolate IoT data and networks from existing IT systems. This will help to reduce an attacker's ability to launch broader cyberattacks on mission-critical systems. And given the massive increase in connected devices and data volumes, consider adding automated processes to monitor data and identify threats.

3. Are we aligned, from leadership to the front line, on IoT security and strategy?

Communicating often with your board of directors will help ensure that corporate leaders clearly understand the opportunities and risks of IoT deployments. It's also critical that every business unit understands the unique security considerations that IoT devices introduce.

4. Have we defined legal and regulatory guidelines covering new IoT devices and deployments?

It's important to evaluate the security capabilities and responsibilities of your business partners, customers, and IoT product and service providers. Establishing clear security protocols — and lines of accountability — is critical to minimizing weak-link scenarios.

The IoT era is just beginning, and many aspects of securing it remain a work in progress. Organizations in every industry are already reaping the benefits of IoT implementations. By approaching the IoT strategically, and with security at the core of every connected device, your organization can begin to capture new business value — while keeping potential risks in check.

Additional reading

Volumne 1

About our survey

To gain a better understanding of the current state of the Internet of Things in large businesses and the current thinking behind security issues related to IoT, AT&T commissioned a survey of business and IT decision-makers in October 2015. Respondents to the State of IoT Security survey had to be director-level or above at companies with at least 1,000 employees. The self-administered survey returned more than 500 responses globally, covering a mix of functional areas and roles within the organization.

End notes and sources

  1. State of IoT Security, AT&T, October 2015
  2. ibid
  3. "That ‘Internet of Things' Thing," RFID Journal, July 1999, http://www.rfidjournal.com/articles/view?4986
  4. "Things Are Getting Interesting," AT&T, January 2016 [unpublished draft of companion IoT report]
  5. "How Smart, Connected Products are Transforming Competition," Harvard Business Review, November 2014, https://hbr.org/2014/11/how-smart-connected-products-are-transforming-competition
  6. "Worldwide Internet of Things Forecast," 2015-2020, IDC, May 2015, http://www.idc.com/infographics/IoT/ATTACHMENTS/IoT.pdf
  7. "The Internet of Things: How the Next Evolution of the Internet Is Changing Everything," Cisco, April 2011, https://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
  8. "What Every CEO Needs to Know About Cybersecurity," AT&T, September 2015, http://www.corp.att.com/cybersecurity/
  9. "FTC Approves Final Order Settling Charges Against TRENDnet, Inc." FTC, February 2014, https://www.ftc.gov/news-events/press-releases/2014/02/ftc-approves-final-order-settling-charges-against-trendnet-inc
  10. "The Internet of Things: Mapping the Value Beyond the Hype," McKinsey Global Institute, June 2015, http://www.mckinsey.com/business-functions/business-technology/our-insights/the-internet-of-things-the-value-of-digitizing-the-physical-world
  11. "Hack Attack Causes ‘Massive Damage' at Steel Works," BBC, December 2014, http://www.bbc.com/news/technology-30575104
  12. "FAA Needs a More Comprehensive Approach to Address Cybersecurity as Agency Transitions to NextGen," U.S. Government Accountability Office, April 2015, http://www.gao.gov/products/GAO-15-370
  13. "FBI: Hacker Claimed to Have Taken Over Flight's Engine Controls," CNN.com, May 2015, http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/
  14. "The Internet of Things: What It Means for U.S. Manufacturing," PwC, February 2015, http://www.pwc.com/us/en/industrial-products/next-manufacturing/big-data-driven-manufacturing.html
  15. State of IoT Security, AT&T, October 2015