NIST Releases IoT Cyber Security And Privacy Risks Report

There are many enterprises already reaping the benefits of leveraging the Internet of Things (IoT) technology and devices, however as Bain & Company reports, “The IoT could be growing even faster with better cyber security.” In fact, their research shows that customers would pay 22% more for secure devices, and buy 70% more of them.

See Related: “The Ethics Of The IoT: Are Engineers Failing To Speak Up?”

Similarly, according to a Forbes roundup of IoT forecasts and market estimates, Gartner has predicted that spending on IoT Endpoint Security solutions will increase from $240Mn in 2016 to $631Mn in 2021, attaining a CAGR of 21.38%. Worldwide IoT security spend will increase from $912Mn in 2016, soaring to $3.1Bn in 2021, attaining a 27.87% CAGR in the forecast period.

With so many IoT devices already operating in businesses and security concerns increasing, the National Institute of Standards and Technology (NIST) has issued the report, "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks," in order to help organizations become more aware of the large number of IoT devices they are already using and how they may affect cyber security and privacy risks differently than conventional IT devices.

While the purpose of the publication is to help federal agencies, other enterprises can benefit from the report to better understand and manage the cyber security and privacy risks associated with their IoT devices. NIST lays out three high-level risk mitigation goals:

1. Protect device security.
2. Protect data security.
3. Protecting individuals’ privacy throughout the device lifecycle.

According to the report, “Organizations should ensure they are addressing the cyber security and privacy risk considerations and challenges throughout the IoT device lifecycle for the appropriate risk mitigation goals and areas.” There are three recommendations for doing so:

• Understand the IoT device risk considerations and the challenges they may cause to mitigating cyber security and privacy risks for IoT devices in the appropriate risk mitigation areas.
• Adjust organizational policies and processes to address the cyber security and privacy risk mitigation challenges throughout the IoT device lifecycle. (The publication cites many examples of possible challenges, but notes for each organization to customize based on its own mission requirements and characteristics.)
• Implement updated mitigation practices for the organization’s IoT devices as you would any other changes to practices.

"The IoT market is at a turning point – projects are moving from proof of concept into commercial deployments," said Carrie MacGillivray, group vice president, Internet of Things and Mobility, IDC. "Organizations are looking to extend their investment as they scale their projects, driving spending for the hardware, software, services, and connectivity required to enable IoT solutions".

Let us just hope the security can keep pace with the enterprise adoption.

See Related: “Understanding The Threats That Come With The IoT”