25% of cyber attacks to involve IoT by 2020

More than 25% of identified attacks in enterprises will involve IoT by 2020, an ACS report has found.

As well as demonstrating the potential benefits of Internet of Things technology, Australia’s IoT Opportunity: Driving Future Growth also assesses the associated cyber risks.

It reveals that many of the risks associated with IoT come as a result of the connective nature of IoT technology.

“Critically, due to the network effect of IoT solutions, a successful cyber attack has the potential to affect not only one asset but all assets connected to the system,” it explains.

“At the same time, each connected asset also becomes a potential ‘thing’ that can be used to enter or hack the system and therefore needs to be secured as well.”

To mitigate such challenges, the report proposes that innovation be balanced against risk as organisations learn to find the balance between making data available and tightening controls.

It calls for a “holistic approach” to security.

Citing the fact IoT is an inherently an interconnected ecosystem, it proposes security measures should be equally widespread.

The introduction of “uniform standards” around security protocols will also help safeguard the technology.

Creating the data strategies to cope

The report also discusses how the power of data can be maximised.

Governments and organisations must develop and prepare “holistic” data strategies to best utilise opportunities presented by the Internet of Thing (IoT).

Labelled as “the underlying currency of the Iot”, data is framed as a key piece to Australia’s innovation puzzle in the report.

“To make meaningful semi-autonomous or potentially fully autonomous decisions, an IoT system needs to collect and interpret vast amounts of it [data], and most solutions become more powerful as more data becomes available,” the report says.

“This can quickly extend beyond the immediate technical data that the system can generate itself.”

It calls for a “no-regrets” approach to data, in which organisations capture and store any data in sight “immediately and comprehensively”.

Not being able to readily manage data – and making “suboptimal” decisions as a result – will no longer be an option for businesses as they prepare for “a future world where data drives everything.”

In relation to IoT, the report highlights the fact increased adoption of devices will result in an increase volume of data being passively collected.

This will not just involve data on the IoT’s ‘things’, but also user data.

As a result, companies will be forced to balance ethical concerns with data collection strategies.

Central to this is providing individuals with the ability to know where their data is being stored and what this data is.

“The challenge for private sector companies is to ensure they maintain consumer and public trust by providing greater transparency and choice, and by actively considering whether potential data uses are in line with the broader public’s expectations, as well as with any relevant regulatory requirements,” the report says.

Legally enforced regulations such as the European Union’s General Data Protection Regulation (GDPR) should help support this.