'Internet of Things' Security Analysis
Forrester Analyst Explains Why Security Lags Innovation
Andrew Rose

The "Internet of Things" offers the potential for great societal benefits, with vendors having already debuted Internet-linked devices that help people better track their health and exercise routines, monitor elderly relatives and increase the energy efficiency of their home.

But too often, technology vendors treat security as an afterthought, says London-based Forrester Research analyst Andrew Rose. As a result, millions of new devices are being connected to the Internet that individually and collectively may contain vulnerabilities that can be exploited in unforeseen ways.

"We're creating a black swan factory," Rose says in an interview with Information Security Media Group, referring to the theory of black swan events - major, society-changing events that come as a surprise, but often appear obvious in retrospect.

"We've got so many different pieces of complex technology overlapping, interlinking, and then we're going to start to hand over eventually control to the machines to start making decisions. So that decision may be whether to switch the lights off in a building, it may be to reroute the sewage in a town, it may be to control the speed of your car," Rose says. "But as more and more of those decisions are made autonomously, then the potential for risk, the potential for layers upon layers of catastrophe, actually increase."

In this interview, Rose discusses:

  • Why vendors are prioritizing speed to market over security concerns;
  • Essential data security and privacy controls for Internet of Things devices;
  • Unanswered questions, including how to patch these devices;
  • How EU data protection regulations apply to capturing, storing and analyzing related big data.

Rose, a professional IT risk and security expert and former CISO, is a principal analyst in the security and risk practice at the London office of Forrester Research, working with CISOs on everything from strategic planning and risk management to security budget and staffing challenges.
