May 18, 2018//Ellen NeveuxLast Updated: October 25, 2021
We live in a world that wants to connect everything and anything that it can to the Internet and because of this, it seems that everything we buy today is “smart”— our fridges, our phones, and even our wearable devices. Sure it may seem great when things work well and make our lives easier, but what about when things go wrong; like when bad actors get into networks of highly regulated industries and mess around with the things we rely on most?
According to International Data Corporation, worldwide spending on the Internet of Things (IoT) is forecasted to reach $772.5 billion in 2018. With the integration of IoT in highly regulated industries, like healthcare, bad actors knew that they could use this to their advantage to find weaknesses in systems. It is widely accepted that regulated industries struggle to protect sensitive information with bad actors regularly attempting to get into networks and systems via IoT. Chuck Kesler, the CISO of Duke Health, says the biggest challenge today in IoT security for enterprise organizations is that we are in the “we don’t know what we don’t know” phase of addressing IoT risks.
So, since so many enterprise organizations rely on IoT, and it is predicted that the amount spent on IoT will only increase with the upcoming years, what can we do to keep bad actors out? To begin, be diligent with implementing security standards, like a secure remote access platform, to properly protect devices and sensitive information on a network from being misused by the wrong people.
On their own, the words “Internet” and “Things” both make sense, but when you put them together things aren’t as clear. According to TechTarget, examples of a “thing” may be a person with a heart monitor implant, a car with built-in sensors, or any other man-made object that can be assigned an IP address that can transfer data. IoT consists of connected objects that are able to exchange different pieces of data using embedded sensors; there is no need for human interaction.
According to ZDNet, the goal of IoT is to merge together the digital and physical worlds and have them work together to make life easier. Today, billions of physical devices that collect and share data are connected to the Internet. Along the same lines, IoT adds a level of digital intelligence to devices that would otherwise not be characterized as “smart”— devices become “smart” when they can communicate without human being involvement. Although the interconnectivity and promised ease-of-use both seem like something from the future or a movie, it is very much the reality we all live in. As such, there are benefits and risks to IoT, especially when enterprise organizations integrate it into their systems.
IoT is imperative for success in the enterprise world. ZDNet says that enterprises use IoT to have access to more data about their own products and systems, that gives them the ability to make changes as a result. So for many enterprise organizations, IoT is great as a way to get feedback on both products and systems. This feedback allows for the implementation of change. Along with the availability of feedback, IoT can also increase efficiency for an enterprise. On the consumer side, the benefit of IoT is that it promises to make the environment we live in smarter. Sadly, there is more to IoT than just the feedback, increase in efficiency, and a smarter environment—there are some severe risks to the use of IoT. One of the drawbacks for the consumer, for example, is privacy. IoT has been in the news lately, especially for the issues with Amazon’s Alexa.
There are also many drawbacks for an enterprise organization. Without proper regulation, it leaves an organization open to all sorts of cyberattacks. For example, the more things that enter the IoT, the more cybersecurity professionals will need to up their regulations to make sure they are safe from bad actors. Terrifyingly enough, many IoT systems are built by organizations that don’t even consider the need for built-in security or security patches, so there may not even be a fix to issues that leaves weaknesses (like a privacy issue, or issues with personal devices).
Of the regulated industries that deal with IoT, the spotlight seems to frequently be on healthcare. For the healthcare industry, it makes sense to implement IoT since it’s known to increase efficiency and make products and services easier for the consumer. However, IoT adoption in healthcare has been quite slow. According to Healthcare IT News, this is because the industry itself lacks a set of guiding standards that would be used to protect the sensitive data that would be stored on devices on the IoT. Nancy Green of Verizon Enterprise Solutions sums these risks up well when she noted that some of the key concerns for healthcare are: standards, security, interoperability, and cost.
Whether it’s data breaches, ransomware, or IoT, the healthcare industry is always under fire. Michael Simon, the president and CEO of a cybersecurity firm said it best, “while 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel in 2018 the wrath of cybercriminals targeting the hundreds of thousands of IoT devices already deployed in healthcare.” This is expected to happen because the IoT devices in the healthcare industry are usually missing an added layer of protection, and without this protection, it allows those in the industry to be easily targeted by bad actors.
Healthcare IT News states that the best way for someone in the healthcare industry to be successful is to have robust processes and policies for building and maintaining an inventory of all systems connected to the network. This inventory should contain information, such as vendor names, that would allow the organization to quickly identify and address risks associated with IoT devices. A recent warning distributed by the Department of Homeland Security spoke about the risks that are associated with flaws that could be exploited by attackers to obtain unauthorized access to systems or to modify settings. Though these two examples are from the healthcare industry, the ideas can be mapped onto other highly regulated industries (e.g. government, retail, etc.) because it highlights the risks and emphasizes the importance of standards and policies for protecting a network.
The introduction of IoT to highly regulated industries has also brought new and terrifying cybersecurity threats with it. The only thing an organization can do is protect their network with secure remote access software. The right platform will offer added layers of protection for IoT devices. A platform should offer things like: least privilege permissions, real-time access notifications, variable access points, high-definition audit, and a way to easily control access for vendors. All of these aspects work together to keep your network and devices safe from bad actors.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise Access has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink Customer Connect is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.