The Internet of Things and wearable technology are becoming more integrated into our everyday lives. If you haven't already, now is the time to begin planning for their security implications in the enterprise.
According to research firm IHS Technology, more than 200 million wearables will be in use by 2018. That's 200 million more chances of a security issue within your organization. If that number doesn't startle you, Gartner further predicts that 30% of these devices will be invisible to the eye. Devices like smart contact lenses and smart jewelry will be making their way into your workplace. Will you be ready to keep them secure even if you can't see them?
According to TechTarget, "Although there haven't been any major publicized attacks involving wearables yet, as the technology becomes more widely incorporated into business environments and processes, hackers will no doubt look to access the data wearables hold or use them as an entry point into a corporate network."
While it's true that IT cannot possibly be prepared for every potential risk, as an industry we need to do a better job of assessing risks before an attack happens. This includes being prepared for new devices and trends that will pose all new risks for our organizations.
How many of us read the news about a new data breach practically every day and have still yet to improve security measures within our own organizations? If you're thinking "guilty," you're not alone. Organizational change can't always happen overnight, but we can't take our eyes off the ball either.
In a 2014 report, 86% of respondents expressed concern for wearables increasing the risk of data security breaches. IT Business Edge suggests, "With enterprise-sensitive information now being transferred from wrist to wrist, businesses should prepare early and create security policies and procedures regarding the use of wearables within the enterprise." Updating policies is a smart move, but the hard part is anticipating the nature and use of these new devices and then following through with implementing procedures to address them. It seems it may be easier said than done.
We all know that wearables pose security challenges, but how do IT departments begin to address them? This can be especially challenging considering that some of the security risks lie on the device manufacturers rather than the teams responsible for securing the enterprise network the technology is connected to. Many wearables have the ability to store data locally without encryption, PIN protection, or user-authentication features, meaning that if the device is lost or stolen, anyone could potentially access the information.
Beyond the data breach threat of sensitive information being accessed by the wrong hands, wearables take it a step further by providing discreet access for people to use audio or video surveillance to capture sensitive information. Is someone on your own team capturing confidential information with their smartwatch? You may not realize it's happening until it's too late.
How can we effectively provide security on devices that appear insecure by design? It seems the safest option is to ban all wearables in the enterprise – there are too many risks associated with them, many of which seemingly cannot be controlled. If this thought has crossed your mind, I may have bad news for you. This isn't really an option for most organizations, especially those looking to stay current in today's fast-paced society. TechTarget's Michael Cobb explains, "Banning wearable technology outright may well drive employees from shadow IT to rogue IT – which is much harder to deal with."
If the threat of rogue IT isn't enough to convince you, also consider that there may very well be real benefits of wearables for your organization. According to Forrester, the industries that will likely benefit from this technology in the short term are healthcare, retail, and public safety organizations. As an example in the healthcare field, Forrester suggests that "the ability of biometric sensors to continually monitor various health stats, such as blood glucose, blood pressure and sleep patterns, and then send them regularly to healthcare organizations for monitoring could transform health reporting." There are many examples for other industries, and the market continues to evolve every day.
It all boils down to this: enterprise wearables present a classic case of risk versus reward. We know there are many security risks, but are the potential rewards great enough to make the risks worthwhile? This answer may vary based on your industry and organization, but chances are there are many real business opportunities that can come from wearable technology.
If you haven't already, it's time to start talking with your teams about what those opportunities are and the best ways to ease the associated risks. As we all know, the technology will move forward with or without us and the ones who can effectively adapt will be the ones who succeed. It's our job to make sure our organizations are on the right side of that equation.