The Internet of Things: Should There Be Regulation?

If you've spent any time reading tech news in the past few years, you know that nothing has been more anticipated than the Internet of Things (IoT). Sure, drone delivery and autonomous vehicles have had their moments in the spotlight, but these technologies will also be brought into the fold of IoT.

American research and advisory firm Gartner, Inc. anticipates there will be 21 billion IoT-connected devices by 2020. As you can imagine, this spans a number of industries including healthcare, manufacturing, consumer tech, business tech, logistics and everything in between.

This is exciting news for a lot of people because it means that various devices, systems and services could all work in concert someday soon. But, unfortunately, there is a downside to IoT - primarily that it lacks even the most basic levels of cybersecurity measures.

This begs the question: Does IoT need regulation? And who should set the standards of IoT resilience? How can businesses employ IoT technologies without opening their networks to disaster?

CyberPolicy examines these questions and more below. And remember, you can visit CyberPolicy for your free cyber liability insurance quote.

IoT: Welcome Innovation or a Cause for Concern?
Although IoT is still in its infancy, it is already being used to address a number of challenges faced by various industries. For example, IoT in healthcare is employed to automatically monitor patient devices and implants, enhance drug management and share lifesaving information across organizations and providers.

But on the flipside, IoT is also being used to infiltrate private networks and launch cyberattacks. For instance, the 2016 Dyn distributed denial-of-service attack (DDoS) that knocked hundreds of websites off the internet was made possible by IoT devices. Essentially, the attacker leveraged a botnet of IoT devices (which is kind of like an army of malware-infected zombie computers) to flood Dyn's DNS until it collapsed from an overload of phony web requests.

One of the ways hackers turn good devices into zombies is through default password protections on popular IoT devices.

This presents us with two major problems, the first being that insecure IoT devices can become a weapon for hackers, and the second that IoT provides additional entry points for cybercriminals. If a hacker can breach one web-connected device on your network, it's easier for them to steal data or compromise operations once they're inside.

It like having a home with dozens of doors to the outside, but no locks to keep intruders out.

Seeking a Solution
So, who is going to clean up this mess? Well, the FCC is already stepping in to develop security regulations for IoT.

"The large and diverse number of IoT vendors, who are driven by competition to keep prices low, hinders coordinated efforts to build security by design into the IoT on a voluntary basis," the FCC says. \"Left unchecked, the growing IoT widens the gap between the ideal investment from the commercial point of view and from society's view."

However, some worry that government regulations could impede innovation and progress and would prefer to see the tech industry develop its own standards and protocols.

But as the FCC statement said, tech companies are generally more focused on quick rollouts and eye-catching functionalities than privacy and defense. In the meantime, it is up to individual businesses to manage their own cybersecurity measures when adopting IoT.

This includes developing strong and unique passwords to replace default logins for IoT products and web routers; siloing employee permissions and service to prevent further incursion; implementing greater vigilance for security incidents through IT teams and automated threat detection; and investing in cybersecurity insurance from a reputable provider.

You may not be able to block every incoming attack or potential data breach, but CyberPolicy can ensure that your organization stay financially healthy through it all. Visit CyberPolicy for more information.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375