There's every reason to be concerned about the potential of an IoT system, sensor, or device being hacked in the enterprise or a user's home office.
These devices regularly are exposed for their vulnerabilities, and most are not built with security in mind. An attack via an IoT device can blindside an organization: Take the hotel in Las Vegas last year that lost data when a hacker made his way on to the network through a high-tech fish tank.
Over time, just about every household appliance and piece of office equipment will have an IP address, which means it will be potentially open to hackers.
Forrester's Merritt Maxim says 92% of global technology decision-makers with more than 1,000 employees say they have security policies in place for their firm's use of IoT devices and solutions. However, only 47% consider their security tools sufficient. A full 34% consider their security tools insufficient and another 10% say they do not have security tools to enforce their IoT security policies.
"I think the biggest misconception people have is that these type of hacks could not happen in real life," Maxim says. "People don’t think that their refrigerator, car, or office will be hacked, but the threat is real and the likelihood is that these threats will only increase."
Imposing though the threat has become, Suneil Sastri, director of product and content marketing at SOTI, adds that there are steps IT staffs can take to mitigate the threat.
"People need to understand that there are solutions," Sastri says. "IT people and consumers can change passwords, encrypt devices, and remotely patch devices. What we're concerned about is that people won't move forward with IoT because they are worried about security."
Jeff Wilbur, director of the Online Trust Alliance, says the good news is that some IoT vendors are fixing exposed vulnerabilities in their products, such as Fitbit, LG's Smart ThinQ dishwashers, and Samsung SmartThings.
Here are some common myths about securing IoT devices and systems.
Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio