[Adapted from an article by Romana Carr. Source cited at the foot of the Case Study] With a projected $267 billion in market revenue by 2020, the Internet of Things (IoT) is a red-hot topic these days. IoT adoption continues to climb, however it also poses new security concerns. With more data to collect and analyze, the possibility that something goes wrong increases. There are more security gaps, more people involved, and exponentially more information to consider. Although the challenges are greater, there are steps you can take to protect your organization and your sensitive information. How Do We Define IoT? The Internet of Things is a network of physical objects connected to the internet that send and receive information. Any technological device with an internet connection can be part of the IoT. This can include smartphones and other mobile computing devices, wearable tech like fitness trackers, medical devices, home automation, smart buildings, internetenabled appliances, intelligent lighting systems, and autonomous vehicles. IoT Means More Points Of Vulnerability According to IT research and advisory firm Gartner, there are already 8.4 billion connected IoT devices in 2017. And that number will more than double in just three years, reaching 20.4 billion by 2020. Of course, the ever-increasing numbers of IoT devices also means that there are more targets for hackers. Large enterprises using IoT devices expose the greatest risk because of the huge quantity and value their information holds. However, consumers of internet-connected household devices like refrigerators and entertainment systems are also at risk. Another security concern for IoT are hubs, which are convergence points for multiple IoT devices. These are common in enterprise settings. When IoT hubs are not encrypted, they open many devices to vulnerabilities at once. Organizations need to be conscious of the threats that these hubs face and protect them accordingly. Lack Of Built-In Patches Or The Space To Install Them For several other reasons, IoT technology is particularly susceptible to security flaws. Devices such as security CCTV cameras and baby monitors often ship with no built-in security. They run on outdated software that is vulnerable to hackers. With millions of self-driving cars set to join the IoT by 2020, patching and updating security software will become an even greater concern. Unfortunately, many IoT devices simply dont have enough hard drive space to perform upgrades or patches to the Linux kernel. This is usually due to manufacturers prioritizing cost savings over security. After all, smaller hard drives are much less expensive than larger ones. The consequences of this design flaw cascaded into the disastrous Mirai botnet attack of 2016, which temporarily took down the websites of major tech companies including Netflix, Twitter and Spotify. All of these factors combine to create a precarious security situation for IoT devices. Whats more, many organizations that already use IoT dont know how to secure their devices. Often, they are not even aware of the fact that security does not come built-in. Organizations that use or anticipate using IoT need to better understand and plan for the associated risks. Why Encryption And IoT Go Hand-In-Hand There are a variety of IoT devices, from smart coffee makers to heavy construction equipment. Each device is unique, which means the same IoT data encryption solution wont work on every device. Almost every IoT device connects to some kind of hub, edge, storage and/or gateway device. This focal point is the perfect location for establishing security controls and encrypting data at rest or in motion. Best practices for IoT data security should include using encryption solutions that adapt based on the type of environment that theyre encrypting. Carr, R., (2017), IoT Security Challenges With Data And The Cloud, Zettaset, Retrieved 11 July 2019 from: https://www.zettaset.com/blog/iot-security-challenges-data-and-cloud/

Expanding on the scope of the Case Study, identify FIVE [5] sources of Information Security vulnerability and for each, provide an evaluation of general Information safety on the IoT.