20 February 2018

McKinsey highlights the latest issues surrounding cyber crime and security in the IoT age

The Internet of Things (IoT) is the interconnection via the internet of computing devices embedded in everyday items such as phones and computers, enabling them to send and receive data. With technology continually advancing, billions of devices are being bought online further developing the Internet of Things and creating new vulnerabilities.

As the digital ages continues and technology continues to advance, digitisation has risen on the executive agenda of many companies, cybersecurity skills and processes have also advanced, but at a slower pace. Rapid growth in the IoT is changing the game. Cyber security is more relevant and challenging than ever, and companies need to build capabilities in this area - quickly.

IoT holds great potential to help companies improve their products and services or increase production efficiency by harnessing sensors and actuators that seamlessly connect objects to computing systems. No wonder, then, that many companies are bringing more and more devices, products, or production systems online, meaning suggested estimates are putting connected devices to reach between 20 and 30 billion globally by 2020.

However, as devices proliferate, the security risks will increase sharply. Historically, risking the confidentiality and integrity of information was the prime concern compared with any risk regarding availability. In the IoT world, lack of availability of key plants or even worse - tampering with a customer product becomes the dominating risk.

With the IoT, security challenges move from a company's traditional IT infrastructure into its connected products in the field, as many companies due to IoT, are likely to have millions or tens of millions of endpoints. And these challenges remain an issue through the entire product life cycle, long after products have been sold. What's more, industrial IoT, or Industry 4.0, means that security becomes a pervasive issue in production as well. Cyber threats in the world of IoT can have consequences beyond compromised customer privacy.

This added complexity makes the IoT a more difficult security environment for companies to manage. Those that succeed, though, could use strong cybersecurity to differentiate themselves in many industries.

McKinsey conducted a multinational expert survey with 400 managers from Germany, Japan, UK and the United States, to explore the views on the relevance of and companies' preparedness for IoT security. The results indicate a yawning gap between perceived priority and the level of preparedness:
- 75% of respondents said that IoT security is either important or very important, and that its relevance will increase. But only 16% say their company is well prepared for the challenge. The survey also indicated that low preparedness is often linked to insufficient budget allocated to IoT cybersecurity.
- The interviews revealed that many companies are ill prepared at every step of the IoT security action chain (predict, prevent, detect, react).
- More than one-third of companies lack a cybersecurity strategy that also covers the IoT. The rest have some sort of strategy but many report struggling to implement it.

Why haven't companies made progress on cyber security implementation, given the perceived risk? The survey indicated a few factors:
- Lack of prioritization.
- Unclear responsibility.
- Lack of standards and technical skills.

How you hedge against the threat?
The BPIF can help make your business secure with certification for both the Cyber Essentials scheme and IASME governance.

Cyber Essentials is a Government backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all businesses. When implemented correctly, you can prevent around 80% of cyber attacks. Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. The Government wants every company in the UK to be certified by 2020.

IASME (Information Assurance for Small to Medium-sized Enterprises) is a governance standard that demonstrates a company's level of cyber security for a realistic cost. IASME demonstrates that you are taking good steps to properly protect information security and is an internationally recognised alternative to the ISO 27001 standard, for smaller businesses.

What we offer:
• Cyber Essentials, IASME Governance and GDPR Ready - Managed
• Cyber Essentials, IASME Gold and GDPR Ready - Fully Managed
• Cyber Essentials PLUS - Fully Managed

All Fully Managed Cyber Essentials, Cyber Essentials PLUS and IASME Gold are moderated by IASME. IASME is one of the Cyber Essentials accreditation bodies appointed by the UK Government.

Click here for further details.

Source: McKinsey & Company