What IoT related security issues are CIOs currently facing?
Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees
A lot of these IoT things automatically update on their own. For example, with home surveillance kits, you can't even manually update the cameras. You have to wait for them to push it down. But if a bad actor gets in there, and they send out the wrong code, thousands of people will get hacked. You can't even block automatic updates. That seems like a pretty big risk.Director of IT in Software, 201 - 500 employees
We have seen a massive improvement in fishing detection by our employees after doing security awareness training. Overall we have seen employees less keen to click on links on emails or respond to unknown senders, overall improvement in them being more diligent and suspicious, more often will check with IT/Security team before they go to a website or try to download something.Technology helps a lot, but in my opinion, employees are the weakest link in a chain so security awareness training is a must for every organization.
Content you might like
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees
I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read moreYes, it helps establish credibility.34%
No, it's a barrier to entry.44%
It's nice to have, but doesn't need to be a requirement.21%
I'm not sure.0%
502 PARTICIPANTS
Fraud mitigation19%
Protection of reputation and brand56%
Protection of consumer data19%
Regulatory or compliance requirements6%
175 PARTICIPANTS
At some commercial farms, they have thousands of these moisture sensors. And at one farm I heard about, when there was a problem with one sensor, they had to upgrade all of them. But there was no way to do those upgrades all at once; you have to do them individually because there's no central patch management system for that. Now there are companies springing up that are trying to do this, but when there are millions upon millions of these IoT devices, how do you connect to all of them when they're all different? They have different upgrade paths. It's not like you're just patching software. It's going to be an interesting future, that's for sure.
It reminds me of Jurassic Park: you were so busy trying to figure out if you could make a wifi-capable light bulb that you didn't ask yourself if you should. Obviously, there's a need for it, but security was never first. In my industry, my experience has been that security is never the first thought. I remember when Windows 2000 came out, and Microsoft was like, “We know we haven't taken security seriously enough for Windows NT 4.0, but for Windows 2000 we've nailed it. This is really good.” And then they put one out on the internet and it was compromised in about 10 minutes. Security has never been first; it isn't even first when people say it is. So we're always going to be dealing with that. But it's hard to quantify there and figure out the risk as the rest of the world changes.