Home > Blogs > ISACA Surveys "Risks and Rewards of the Internet of Things"

ISACA Surveys "Risks and Rewards of the Internet of Things"

These days, people are pretty well networked, and a fair percentage -- around a third, by most estimates -- of the world's population has found its way onto the Internet. Apparently, the next big frontier in this dimension is the "Internet of Things" (or "Internet of Everything" as Cisco likes to call it), abbreviated as IoT or IoE, depending on who's talking. These are the billions of devices in our worlds, for everything from thermostats, alarms, and household sensors, to automobiles, houses, and other mega-platforms with which we interact daily. ISACA (the organization formerly known as the Information Systems Audit and Control Association) has done some recent research in this area, and has just published a report entitled "Risks and Rewards of the Internet of Things."

ISACA's recent report provides an interesting take of security as it relates to IoT.

You can find this late October report online, where you'll learn the following:

  • Organizations digging into the IoT have great potential to reap significant rewards including reduced costs, enhanced services, greater efficiency, more accurate supply chain management, improved accessibility to data, increased employee productivity and improved customer satisfaction. How can anyone argue with any of that?
  • Connecting into IoT provides more attack surfaces for hackers and crackers, and enables more frequent attacks on infrastructure components, as well as more opportunities for industrial espionage and thefts of intellectual property (a different kind of IP than most Internet geeks are used to.

In particular, IT professionals need to be ready to deal with challenges around the subjects of identity management, access controls (especially rights and permissions), requests to share data with third parties (especially government bodies or agencies), and an improved sense of information security, data integrity, and privacy and confidentiality protection.

All of these things make the ISACA report well worth a quick read, and some of its key points worth serious pondering. If the benefits of IoT really do outweigh its risks, as a majority of IT professionals believe, organizations and their IT staffs must get ready for a world where IoT is as commonplace and ubiquitous as today's Internet already is. It's not a matter of "if" any more; it's a matter of "when" and "how." And FWIW, I'm expecting to see a plethora of IT certs around the IoT/IoE topic make their appearance in the next 18-24 months. Cisco has already promised a Specialist cert in this area (something with "Industrial networking" in the title seems quite likely) and it's just a matter of time before CompTIA and others jump onto this bandwagon. Stay tuned!