June’s awareness topic is IoT - the Insecurity of Things
Introduction and scope
The Internet of Things (IoT) is a rapidly evolving and fascinating topic, with value for
security awareness purposes. IoT presents a heady mix of risks and opportunities, with substantial commercial, safety, privacy and information security challenges ahead, and
sociological implications for good measure.
As commonly understood, things are mostly small, inexpensive, low-powered, “smart” wireless devices, electronic gizmos with processing and networking capabilities, sensors and sometimes actuators. Many are discreetly tucked away behind the scenes, quietly doing whatever they do with no screen or keyboard and barely an LED to reveal their presence. Smart watches, fitness trackers, glasses and other wearables are obvious, whereas medical monitors and home-detention tags are usually hidden. Smart door locks, thermostats, air conditioners and garage doors are further examples of today’s first-generation things. Meanwhile industrial things are quietly making inroads into our factories, warehouses, shops and offices, a semi-autonomous electronic army presenting big opportunities … and risks. Hackers and worms are already discovering and exploiting IoT security vulnerabilities.
The latest NoticeBored module is intended to:
Introduce IoT, providing general background information as context for the awareness materials;
Describe (in generic terms) the information risks and the business opportunities typically associated with or arising from IoT;
Describe the corresponding information security controls and other risk treatment options (not least, avoidance);
Catch workers’ imaginations, opening their eyes to both the possibilities and the concerns;
Influence decision making, behaviors etc.
Think about your learning objectives in relation to IoT security. Is it pertinent to your organization, its products and markets? Are things being used on
the shop floor, distribution centers or warehouses? Is anyone actively researching, developing and selling things in your organization? Are Facilities
Management using smart thermostats, door locks and so forth? Are your vendors and business partners heavily into IoT? Are employees in particular
business units, sites or departments experimenting with wearables whether for work purposes or simply because they love shiny toys? These are all good
reasons to spread awareness beyond the IT Department and traditional IT users this month, and they are potential sources of relevant anecdotes, case
study materials, perhaps even guest speakers for your awareness sessions.
Inside the NoticeBored module
June’s module is supplied as a 73 Mb ZIP file containing the following awareness materials:
Explore the thinking that went into creating the June awareness materials during May, and tag along as we develop July’s module, on the NoticeBored blog.
Building a security culture through awareness
A security culture involves everyone in the organization, top to bottom, collectively valuing, protecting and (where appropriate!) exploiting information.
Subscribe to NoticeBored for fresh perspectives on information risk and security within the corporate context. NoticeBored picks up on the strategic,
governance, compliance and business aspects, particularly in the management stream of course, but the principles underpin the general staff and
professional streams too. Information is a valuable and yet vulnerable asset that needs to be protected for sound business reasons.