The ‘Internet of Things’ (IoT) is expanding networking in many industries and increasing the value chain. However, networking devices with the Internet and the machine-to-machine communication based on it also involves many dangers. The awareness of companies about the risks associated with IOT is sensitized in many companies, but the massive cyber-attacks of the recent past show that device manufacturers have not learned from their mistakes. Cybercrime is now a bigger business than drug trafficking.
When everything is interconnected and communicates with each other
The rapid spread of networked devices and sensors generates large amounts of data and in some cases provides new insights. Based on this, processes can be improved, and new business models developed. The flip side of this is that new security gaps are also emerging that offer cybercriminals new targets to cause major damage. The seemingly unlimited networking also presents new challenges in the area of cyber security. The frequency of attacks and other threat scenarios, which can affect the economic success of a company in particular, continues to increase. The most relevant cyber threats today are still malware (in the form of malware and viruses), followed by ransomware (in the form of blackmail through data encryption) and social engineering, the exploitation of interpersonal relationships. The extent of the risks and damage potential of cyber attacks – whether through theft or manipulation of business and customer data or through limited availability of IT services – is significant and should be a top priority for business leaders.
Not all companies are adequately protected against cybercrime
The topic of IT security is often missed during the conception of IoT solutions. It should be conceived as ‘Security by Design’ from beginning to end. Depending on the field of application, different security levels are required, which should not be considered during implementation. Often there is also a lack of security management, which is stringently responsible for, accompanies and implements this topic.
The security management, the CISO or the IT security manager manages the IT security of a company in the truest sense of the word. From the development of imaginative security solutions to the implementation of guidelines and training procedures.
Although the technical skills of the security manager can take a back seat, they are the driving force behind your company’s security measures. While awareness of IT security requirements has grown, implementation is often sluggish. The first universities have established a professorship specializing in IT security. Some companies recognise the seriousness of IT security, but have a hard time upgrading their staff to bring qualified staff on board. Currently, there are only a few experts in the field of IT security available on the job market.
Employers have so far made only limited compromises when recruiting suitable employees in the IT security sector. It is highly advisable to make concessions when recruiting and not to insist on a 100 percent accuracy of fit. Rather, companies should invest in skills and offer tailor-made training for any gaps.
Companies that deal with the topic of the Internet of Things and work out concepts to improve processes or expand business should not ignore the topic of IT security either. Security should be on the agenda right from the start. It is precisely the security gaps that can arise in the area of IoT as a result of networking and connecting the individual machines and controls that offer hackers great potential for attack. In order to give this topic the necessary entrepreneurial relevance, the role of an IT security manager should not be trivialized, but should be located in the C-level area or at least have a direct reporting line.