The Internet of Things (IoT) is moving at the speed of light. For those of you not familiar with IoT let me explain. To put it very simply, IoT is composed of any device that connects to the internet. In the past, this was mostly computer related. However, the IoT can be just about anything. Some examples include our company’s new coffee maker, exercise wrist bands, televisions, internet toys such as animated paper companions such as http://readiymate.com, house and office plant monitors, and so much more. If your company allows employee phones to connect to its network for email, system control, etc. then that phone becomes a way for hackers to get into your world. Let us not forget Target had a cyber security team and cyber security technology yet was still breached through a HVAC contractor. I shop at Target; I believe they learned much from the incident. How many other company executives or boards really put cyber security as a priority? Where do you put it on your priority list, even as an end user of technology?

 

Making Cyber Security a Priority

The IoT will exponentially stress already understaffed, over worked, and under budgeted cyber security teams. Imagine the impact upon companies small and large with no cyber security experience! They are low hanging fruit for the professional cyber-criminal elements. How many companies and individuals have to feel the pain before they change their thinking?

 

As with most security situations, from your house to your laptop, there is only so much security technology can do to protect you. If you keep your keys in the car and do not lock the door, none of the antitheft technology will keep a criminal from stealing your car. You would think with all the common sense and information about locking your car this would be a non-issue. However, “the National Insurance Crime Bureau (NICB) found a disturbing trend — an increasing number of thefts of vehicles with the keys left inside.” “Stealing a vehicle is very difficult with today’s anti-theft technology and leaving the keys in the vehicle is an open invitation for the opportunistic car thief,” said NICB President and CEO Joe Wehrle. Click here for more. Same goes for IoT!

 

Establish Best Practices

Therefore, my tip of the month is for board members, executives, managers, and other end users of technology to be aware of what you are connecting to your company’s network. How is the security posture of your phone, tablet, and even coffee maker? In my experience, the people who are the most serious targets are the ones hardest to take cyber security seriously. Leaders, please be an example because employees will follow your actions much quicker than your words.

 

Imagine how embarrassing it would be if your company is hacked and the entry point into the company’s assets was the fun application on your phone? Another scenario I have seen is someone working from their home PC after their child shut off the security measures because it was making his game slow.

 

Don’t go it alone – Leverage Cyber Security Experts

My final food for thought is,  learn from others’ mistakes so you don’t not have to experience it yourself. Ensure your organization has all of the necessary cyber security measures in place and are following best practices. For more information regarding Symmetry’s cyber security service or to test your own vulnerabilities through a free Cyber Security Assessment visit our cyber security solutions page.

 

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.