Removing risk from the IoT equation: How businesses can avoid falling victim to data breaches

By Iain Shearman, MD KCOM National Business.

  • 4 years ago Posted in

According to industry analysts, Gartner, there will be 5.8 billion Internet of Things (IoT) endpoints in use this year, which is a 21% increase from 2019. As the potential of IoT begins to be realised in practical applications, it’s time for organisations to wake up to the risks as well as the benefits of IoT. 

At its heart, IoT is concerned with collecting, analysing and using data. It offers the potential for a global view across the whole of an organisation, with unprecedented insight into customer behaviours, business operations, working habits and more. While it’s easy to see why businesses are excited, this access to data on this scale can also present major cyber security risks.

One needs only to look at the Las Vegas casino that was hacked through a thermometer in an IoT enabled fish-tank to realise how quickly things can go wrong in this increasingly connected world. So how can organisations reap the full benefits of IoT without becoming a cautionary tale?

A world of opportunity

Evidently, the business world is set to be revolutionised by IoT. Cloud computing, smart devices and applications will render the standard 9-5 setup a thing of the past. This is because IoT goes beyond the cloud to manage all devices on one network, opening up the potential to control not only personal workload but also warehouse inventory or even an entire production line, for instance.

IoT has the potential to drive efficiency savings too. Sensors and tracking mean services like heating and lighting can be controlled remotely and automatically. Intelligent smart devices will interact with our surroundings and save time on numerous standard interactions, such as coffee and stationery orders, along with practical, location-specific activities like monitoring fridge temperatures in clinical environments.


Connected devices also enable greater insight into customer behaviour, giving businesses the opportunity to respond with targeted strategies from branding to shop layouts, products and services.

The security and privacy dilemma

While the advantages of IoT are clear, what’s less understood are the risks from the immense volume of data that will be produced. Arguably, the biggest challenge for the IoT will be the risk to security and privacy - already there are concerns about ease of hacking and the potentially disastrous consequences this could have on businesses.

Infinite new connections between devices are potentially leaving the back door open in terms of security. As well as an increased chance of security breaches, more applications also means increased potential for damage in the event of a breach.

Combining new technology with legacy infrastructures can be a tall order and - without the right strategy in place - can create problems that are difficult to repair. Cyber-attacks have become so sophisticated that no business is immune, regardless of their size. Data hacking is a very real threat and businesses that shun the idea must open their eyes to reality.

Organisations need to think carefully about data protection policies that will meet their own and their customers’ needs. Maintaining a solid IT security position is an ongoing task requiring continuous action and review. Businesses must adopt a less passive attitude to security and become more active and preventative. It is no longer sufficient to retrofit cybersecurity; it must be planned upfront in order to be effective, moving to ‘security by design’ rather than ‘by addition’.

A robust security strategy must be at the core of every network. It’s impossible to prevent hackers getting in, but organising data using encryption is the best way to protect sensitive or private files. Creating an impossible maze of navigation distracts and confuses potential hackers and creates a challenging and time consuming process, impeding them in their tracks.

With an ever-increasing reliance on data, it’s critical that protection and security surrounding confidential personal data is a fundamental part of any business model and that it’s monitored constantly to avoid the effects of potentially devastating security breaches.

Workplace culture and its role in cybersecurity

Although essential, technology is only a piece of the jigsaw – an effective workplace security culture is a top priority. An organisation’s security culture is the foundation of its data security programme. It’s critical to embed security values and for action to replace rhetoric - an engaged workforce is more likely to feel accountable and take responsibility for security.

The reality is that humans are the weakest links in any organisation and while computers will do as we programme them to, humans do not, which makes the need for a security framework even more crucial. According to Verizon, human error is the root cause of close to one in five data breaches and while almost three-quarters of attacks are perpetrated from outside an organisation, more than a quarter involve insiders.

An organisation’s security culture requires ongoing care and maintenance. When security culture is sustainable, it will transform security from a one-time event into a way of working that will forever generate a return to a business. For employees, there must be a focus on continued awareness. Security training should not be treated in isolation, instead organisations should commit to regular sessions for their people across all areas of the business to boost confidence and performance.

Employees are often pinpointed as targets to obtain data, which makes the need to educate colleagues on cybersecurity all the more important. Awareness of what an early “phishing” attempt looks like, for example, could prevent a fatal business attack.

As more and more connected devices come to market, IoT is only going to increase in importance and relevance for businesses of every shape and size. The excitement surrounding this emerging technology is understandable and it’s always encouraging to see organisations maximising the new opportunities that technology presents for their businesses. By thinking strategically, and ensuring that security considerations are fundamental to their business strategy, organisations can avoid falling victim to the IoT hype. Mitigate the risks of IoT and the positives will be long-lasting.


