From smartphones to smart devices to smart vehicles, the billions of connected devices that make up the Internet of Everything (IoE) can create new entry points for hackers and greater security risks for businesses.
The IoE is the network of objects embedded with electronics, software, sensors and connectivity to enable greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.
Cyber risks have assumed a permanent place on the list of things that fleets have to worry about.
“The IoE will be integrated into every market you can think of – from healthcare to the energy industry and transport network – but it hasn’t been designed with security in mind,” says Jamison Nesbitt, founder of Cyber Senate (cybersenate.com), a community of global cybersecurity business leaders. “There are millions of hackers out there that could compromise these interconnected systems.
“We have sacrificed security for efficiency.”
IT company Cisco projects 28 billion connected objects by 2017 and more than 50 billion by 2020.
Recently, a joint research team from the University of Washington and the University of California, San Diego, “showed that hackers could achieve remote access to a vehicle’s critical systems using connected applications that enable roadside assistance,” says Gerry Kane, cyber security segment director, risk engineering, for Zurich (www.zurichna.com), a leading multi-line insurer that serves global and local markets. “They were also able to take over a car’s controls through the music system’s CD drive, highlighting potential risks in the supply chain and development processes for companies manufacturing the cars, for the wireless technology and application creators and for the automotive industry as a whole.”
MANAGE THE RISKS
As might be expected, businesses view the management of potential IoE-related risks as a financial challenge, Zurich’s Kane says. The expense can be lessened if firms follow best practices from a design perspective. For product manufacturers and service providers alike, this takes in the trending concept of “privacy by design.”
“The basic concept embeds privacy in every phase of the process – from concept to development, to the time the product hits the market and arrives in the end user’s hands,” he explains. “This practice may help costs come down dramatically and may also increase the effectiveness of the privacy protections and the risk management behind it.
“In addition, this approach can be much more effective than trying to retrofit privacy or security elements onto a product that has already been launched or is in the final stages of design and development.”
On the risk management planning side, Kane says “the core elements of creating resilience to cyberattacks include incident response planning and business-continuity planning from an enterprise-level perspective, where the organization plans for the worst-case scenario and then rigorously tests those plans.”
IoE SECURITY
Kane of Zurich notes that the cyber-insurance market continues to evolve with regard to the types and scope of coverage available.
“Organizations are focused on data theft and invasions of privacy, and the general consensus is that the insurance industry can provide a financial backstop for those issues,” he says. “Companies are also asking insurers how the underwriting process itself can help them better understand their many risks in the age of IoE.”
He suggests having an insurer bring in a third party – such as an IT security service or IT risk assessment service provider – to do a deep-dive assessment on a company’s network. Not only may it help the insurer understand the potential risk, he notes, but it also can help the company understand its vulnerabilities and what action items can help remedy them.