Cut the IoT hype and focus on security: IDC
IDC hosts its 9th edition of its Middle East CIO Summit in Abu Dhabi focusing on digital transformation
International Data Corporation's (IDC) Middle East CIO Summit 2016 focused on ‘Leading your organisation's digital transformation', but a key running theme was cyber-security.
As the Internet of Things has exploded the risk of security has also heightened said security experts at IDC, and stressed with 50bn devices connected around the world the chances are, security exploits will evolve just as fast.
"The Internet of Things is Silicon Valley work but let's cut hype around it; devices are spreading rapidly and are being used by ordinary people, meaning non-IT people," said Harshul Joshi, senior vice president of cyber governance, risk and compliance at DarkMatter.
"The main challenge is that with more devices entering the market, the chances are they are low-cost, with no access control or proper authentication."
Joshi explained that society wants to be connected in every way, but the reality is, it is impossible to deal with every requirement. He uses the gas and oil industry as an example: "This sector uses legacy equipment, equipment which was never made to be connected. But here we are, trying to connect this heavy equipment but from a security standpoint, and this is the case for most industries, budget is limited."
Furthermore, he reckons that industries are following the same mistakes made in IT, where there is a rush to reach the technology's peak but leave security behind, but in this case, any breach in the IoT infrastructure will have an effect on human rights.
However Joshi noted it is difficult to know how much to regulate: "How much should be regulated in the IoT sensor world, does it really work or does it slow down innovation?"
He added: "It's just not possible to put a certificate on every sensor, instead understanding the real threat and where it comes from should be a priority."
Mario Foster, group CIO at Saeed & Mohammed Al Naboodah Group said: "This is a new field, and no-one is doing it right yet, but the industry has the opportunity to get it right and within 3-5 years, this field will mature properly."
He advised organisations to "prepare for attacks, not to block it out but to deal with it and plan ahead of time".