June 13, 2017 —
Some sobering news from the world of third-party Internet of Everything/Everyone (IoX) integrators indicates that the current state of IoX cybersecurity is critical. Is that news? Not really. It is just another iteration of what is going on in cybersecurity.
A report from the Ponemon Institute indicates that 94 percent of IoX risk management professionals believe that the IoX is an open vector for a major security catastrophe. There is little incentive for third-party individuals, at this stage of the game, to place a lot of security in their products since the IoX is still such a nebulously defined platform. The great concern on their part is the insecurity around how this will develop in the next few years.
That is an understandable concern. With security having so many different possibilities, from hardware to abstraction layers to software to operating systems, it can be an expensive proposition to try to second-guess where and what to put into products and services.
Yet they will have to figure out something. As enterprises are starting to deploy early IoX strategies, the layout of the land becomes a virtual cornucopia of opportunity for hackers. Many enterprises are trying to push out IoX strategies in hopes they will improve business, even though many models are just beginning to be understood.
One thing the report indicates is just how much of a disconnect there is between the third-party vendors and the enterprise, and how a breach could spell disaster for the enterprise. A sad metric is that 94 percent of enterprise security configurations still depend on nothing more than traditional network firewalls.
Part of the problem is lack of history. Everybody knows somebody who has been hacked, but many enterprises have never been subject to a hack. There is a bit of an “it isn’t going to happen to me” mentality out there, in spite of all of the breaches that have come and are coming to light. Another concern is that many enterprises simply don’t understand the complexities around security solutions.
While security solutions are evolving and we have a very deep well of understanding of cybersecurity, deploying these solutions is another story. Security is overhead, much like insurance. Sure, we all need it, yet most of the population is, at a minimum, underinsured and the cost of carrying it has no ROI. The same holds true for cybersecurity.
Of course, not all enterprises are potentially vulnerable. Certain industries and enterprises, such as the health care system, public safety, and infrastructure, are ahead of the curve. They understand the potential disaster that can occur with a large-scale breach. But the private sector lags, and breaches in that sector have yet to cause a real meltdown. Let’s hope they come around before it is too late.