Picture the scene: You walk up to the coffee vending machine in the office, stop for five seconds, and you’re greeted with a: “Good morning John, coffee, extra milk, extra sugar. Have a great day”. And if it’s your fifth visit of the morning, expect a friendly word of advice: “Would you prefer de-caffeinated?” No button-pressing. Just look at the machine and it does all the rest. And if you want something else, you can always correct the machine.
Far-fetched? Certainly not. We may have not reached that stage yet, however Intel last week unveiled a picture-taking, age-guessing vending machine. Cool stuff – and you can read what The Register’s Simon Sharwood had to say about it here.
It all sounds wonderful and it is, until you start thinking about privacy (a point not lost on Sharwood) and security. We may not be facing the ‘next privacy panic’ or the ‘next major threat surface for businesses’ but that does not mean it cannot happen. The IoT may not be a big deal for IT administrators but there is growing awareness that the proliferation of devices and inter-connected devices could be a problem that they need to prepare to deal with.
In fact, a survey carried out by GFI Software and released today found that the growing relevance of IoT for small and medium-sized businesses (SMB) means growing security threats, greater device management challenges and increased costs for IT management.
Respondents overwhelmingly cited greater exposure to existing and undiscovered threats, particularly from mobile devices, as among their most pressing concerns about the onward march of the IoT into their organization.
Analysts expect the number of devices – or “things” – that will connect to the Internet to grow radically by 2020; this spike in connected devices will create billions of insecure new endpoints that will in turn produce new vectors of attack designed to either compromise the device or gain access to infrastructure.
Disruption is a significant concern, as 96.5 percent of IT decision makers surveyed said that IoT would produce at least some negative impacts for their organizations, with more than half (55 percent) saying it will impose new security threats while extending existing threats to a greater number of devices. Furthermore, 30 percent said IoT will result in an increased IT spend, while 26.7 percent expected device management to spiral out of control as a result of the rise of IoT. Fourteen percent expect that deploying patches across multiple platforms will present a particular challenge.
A sea-change for IT administration
Each new modern innovation requires adaption to new technologies – not only to take advantage of the new opportunities, but also to adjust to the new problems that inevitably arise from it. So it goes with the Internet of Things, as over three-quarters (78.6 percent) of IT administrators expect their security practices to change as a result of IoT. Among these changes, nearly one-third (30 percent) expect to have to revise policies about connectivity in the workplace to manage this adaption.
Going mobile: danger ahead
The increasingly prominent role wireless devices play in the daily lives of employees results in greater security risks in general for an organization. When it comes to IoT, the risks from mobile devices becomes particularly acute, according to survey respondents, 81.7 percent of whom indicated that mobile devices create the most potential as a point of exploitation in the IoT age.
Build that wall
Existing anti-spam, anti-virus and anti-malware infrastructure may not do the job of protecting against the multitude of risks posed by the billions of insecure new endpoints. When asked to rank priority areas of security focus, 45 percent of IT decision makers surveyed pointed to firewalls as their very top priority, while 35.7 percent cited mobile device management. Antivirus was cited as a top priority by less than a fifth (18.7 percent) of respondents.
The survey of 202 IT decision makers in U.S. workplaces employing up to 250 people was conducted by Opinion Matters for GFI Software.