IoT’s network of risks includes: cyber attacks, unplanned IT and telecoms outages and data breaches
A tourist inserts a smartcard into a cash terminal at, say, a branch of the BBVA banking group on Spain’s Costa Calida. As soon as the machine reads the card it recognises the user is not Spanish and asks what language they would like to use.
So far, so good. This is the Internet of Things (IoT), the hyperconnected world where data-rich sensors and other components embedded in mobile devices, cards, drones and even nappies will talk to each other. In the IoT there will be much more conversation between mobile devices than between humans as they pour out ever-rising volumes of information.
But while management consultants urge companies to embrace the opportunities presented by the hyperconnected era, especially in terms of mining the wealth of data to boost revenues, the risks are probably roughly commensurate with the opportunities. Cyber attacks are the most obvious example of these hyperconnectivity created-risks but there are many others – and companies are rightly nervous of them.
As the Business Continuity Institute’s latest Horizon Scan Report said, the growing dependency on IoT in all its manifestations poses risk. Polled organisations cited their main threats as cyber attacks, unplanned IT and telecoms outages, and data breaches. This makes managers hesitant to embrace the hyperconnected world. “Senior executives understand that risk alone undermines trust and confidence in the digital economy, reducing its potential by as much as $3 trillion by 2020,” said McKinsey in a 2015 report.
One of the main concerns is how data can be protected. As Kitty Parry, chief executive of UK consultancy Social Media Compliance, warned in November, staff can inadvertently trigger regulatory or reputational breaches on social media. As a result company’s clients can have their data hacked or identities stolen. “Too often we see cases of people using social media and forgetting that the communication is exposed to the world and remains as a permanent record,” she explains.
Finance officers have become a favourite target for internet fraudsters using just email. Richard Boscovich, assistant general counsel of Microsoft’s Digital Crimes Unit, advises financial professionals to be wary of putting personal details on social media, even where they work. “With that kind of information, they’ll use social engineering to find out just enough about a person – where they went to high school, where they went to college – and then create a phishing email. Someone will fall for it,” he says.
As the volume of data increases through the IoT, there are mounting issues over who controls it. Is it the company or the consumer? According to David Lancefield, a specialist in digital management at PwC, people will demand more control over who has access to their data, when they access it and for what purpose. “Digitally-savvy consumers, particularly those in the ‘net generation’, are keen to capture and protect their data in one place,” he says. These consumers have the backing of the European Commission under the right to be forgotten.
The advent of the more collaborative supply chain poses another risk in direct line of descent from more widely shared software platforms. As purchasers and suppliers share more and more information through common platforms there is a clear risk of sensitive information being leaked or lost.