SlideShare une entreprise Scribd logo

Flashpoint: Cyber risk in an Internet of Things world

Deloitte United States
Deloitte United States

The Internet of Things (IoT) offers new ways for businesses to create value, however the constant connectivity and data sharing also creates new opportunities for information to be compromised. Explore some of the more notable developments in the battle to combat cyber risks. Read more about our Flashpoints series here: http://deloi.tt/1kSJ8Ku

Technologie
1  sur  9
Flashpoint Cyber risk in an Internet of Things world More data, more opportunity, more risk
Cyber risk in an IoT world What makes the Internet of Things (IoT) different from the traditional Internet? People, for starters. The IoT doesn’t rely on human intervention to function. With the IoT, sensors collect, communicate, analyze, and act on information, offering new ways for technology, media and telecommunications businesses to create value—whether that’s creating entirely new businesses and revenue streams or delivering a more efficient experience for consumers. But this also creates new opportunities for all that information to be compromised. Not only is more data being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater. Take the smart home as an illustrative example. Imagine a garage door opener with the added functionality to deactivate the home alarm upon entry. This is a convenient feature for a homeowner entering their home in a hurry. However, now the entire alarm system could potentially be deactivated when only the garage door opener is compromised. The broad range of connectable home devices—TVs, home thermostats, door locks, home alarms, smart home hubs, garage door openers, to name a few—creates a myriad of connection points for hackers to gain entry into IoT ecosystems, access customer information, or even penetrate manufacturers’ back-end systems. Many technology, media and telecom companies are already grappling with these cyber risk challenges. What are they finding? In this issue of Flashpoints, we’ll take a closer look at some of the more notable developments in the battle to combat cyber risks and take advantage of new opportunities as the IoT expandsits reach. IoT Cyber Threat Landscape 1 Flashpoint Cyber risk in an Internet of Things world • An integrated risk philosophy is not optional • Cyber risk management and innovation must be on equal footing • No global risk standards? No excuse • Retrofitting can work—but it introduces new risks • Loosely coupled systems can help now—in lieu of an overhaul About Flashpoints Every day brings new ideas and possibilities to the Technology, Media, and Telecommunications sectors. Flashpoints is your tool for gaining the context you need to make sense of these critical developments—as they emerge.
The cyber risk landscape is inexhaustibly complex and ever changing. This figure provides a broad framework for identifying and managing a much wider range of risks arising from IoT implementations. Source: Deloitte & Touche LLP
An integrated risk philosophy is not optional In most large organizations, the approach to cyber risk may differ by region, product, or business unit. For many, that has worked well enough—parts of the company that require a heightened approach to cyber risk handle their threats in one way, while others take a different tack. But the IoT is forcing many technology, media and telecommunications business leaders to reassess this decentralized approach, since it tends to connect enterprises and their operations in unexpected ways. Safeguarding the IoT is complicated by the scale and scope of data being generated and collected, not to mention the fact that much of it is actually held or accessed by third parties. As a result, many leaders are implementing an umbrella-level cyber risk paradigm, raising standards for cyber risk at every level of the organization, enterprise- wide, from pre-threat to post-event. That means preventing and anticipating IoT- related cyber threats before they take hold, monitoring and neutralizing threats already in play, and restoring normal operations as soon as possible when an organization is struck by a threat. The IoT is forcing many business leaders to reassess their decentralized approaches to cyber risk management. 3 Flashpoint Cyber risk in an Internet of Things world
Cyber risk management and innovation must be on equal footing More information creates more possibilities to create value: This is the promise of the IoT. Today, entire business models are launched on the idea of tight collaboration between organizations—and data is often the glue holding them together, propelling companies to invest significantly in customer analytics capabilities to discover new value streams for their customer. These collaborations are taking advantage of an exceptionally broad portfolio of data types— not just device and system data, but everything from employee rosters and inventory records to non-traditional data types such as facial recognition data, facilities access data, industrial control system data, to name just a few. For many, this is uncharted territory, and along the way, data governance has failed to keep pace. How do you exercise firm control over data governance in that environment? Tighten the controls too much, and you could squeeze the life out of much-needed innovation. Pursue an approach marked by loose oversight, and you could be exposed to outside cyber risks. Cyber risk and innovation are inextricably linked—one shouldn’t be subordinated to the other. Some of the most forward-looking executives in technology, media, and telecommunications are harmonizing these business imperatives by engaging with business leaders both within their organization, as well as outside, to establish a “baseline of normal.” By understanding what “normal” data activity looks like, possible abnormalities can be quickly and accurately flagged for further review. More information creates more possibilities to create value: This is the promise of the IoT. 4 Flashpoint Cyber risk in an Internet of Things world
No global risk standards? No excuse. IoT is an inherently shared ecosystem and operating model that crosses public and private sectors. Yet today, there are no uniform standards governing the IoT. If IoT partners operate strategically and cooperatively, immense value can be created for the consumer. However, in lieu of formal standards, this “shared responsibility” mindset to security and associated governance enforcement will not always work—security breaches have the potential to occur anywhere along the ecosystem, increasing the likelihood that this cooperative mindset may breakdown. Standards are almost certainly on the way, but most believe they’re years off. Meanwhile, the IoT continues to grow apace. Business and technology leaders have no choice but to begin developing and implementing their own global cyber risk standards, despite the lack of guidance. While different industries have aligned in different consortiums, those in the technology, media and telecommunications industries are widely expected to lead the charge. Interoperability among ad hoc, point solutions is one issue where closer collaboration among all the players in the ecosystem is already beginning to happen. While much of the promise of the IoT lies in the ability to aggregate data, today data is generated in different formats, and sensors connect to different networks using different communication protocols. Without common standards governing the functioning of IoT- enabled devices, the barriers to interoperability are immense—but so is the potential business value derived from the IoT. IoT is an inherently shared ecosystem and operating model that crosses public and private sectors. Yet today, there are no uniform standards governing the IoT. 5 Flashpoint Cyber risk in an Internet of Things world
Retrofitting can work—but it introduces new risks Some technology, media, and telecommunications companies are looking to implement IoT solutions on top of existing systems, or are closely collaborating with their own customers and partners who are attempting to do the same. Many of these existing legacy systems, which were once standalone and unconnected, are now vulnerable targets for hacking. Does that mean retrofitting should be avoided? Not necessarily—and given the cost of implementing new technologies, some of which may be obsolete in the near future, retrofitting may look like the stronger option. Along the path to retrofitting, some are encountering new challenges. For example, with so many more points of communication introduced by the IoT, the simple, shared- system accounts and passwords associated with older security programs don’t pass muster. In other cases, it’s clear that purpose-built devices or add-ons designed specifically for the IoT are preferable. Either way, being aware of the risks arising from retrofitting, and accurately assessing them, are crucial steps to effectively managing these risks. 6 Flashpoint Cyber risk in an Internet of Things world Retrofitting can be a viable option given the cost of implementing new technologies, but organizations must first accurately assess the risks.
Loosely coupled systems can help now— in lieu of an overhaul Even leaders working from a wish list of all the security features they would need to manage IoT-related cyber risks know that it’s unrealistic to expect to put them all to work in the near term. But they can begin putting the tenets of such a system to work today—starting with the deployment of loosely coupled systems, which can help ensure that the failure of a single device doesn’t lead to widespread failure. IoT solutions need to be implemented in such a way that they blend organization-specific operational capabilities with multilayered cyber risk management techniques. 6 Flashpoint Cyber risk in an Internet of Things world Loosely coupled systems can help ensure that the failure of a single device doesn’t lead to widespread failure.
Let’s talk This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication. As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Copyright © 2015 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited The Internet of Things has moved from big idea to reality faster than most expected, much less planned for. But regardless of whether you’ve planned for it, it could already be influencing your organization’s cyber risk profile—and probably warrants more attention today. When organizations optimize their processes for IoT, they can uncover tremendous opportunity for value creation and capture, allowing them to innovate faster, make better decisions and offer compelling products and services to their customers. If you want to know more about these developments or any of those not discussed here, we should talk. We have developed a cyber risk paradigm that focuses on becoming secure, vigilant, and resilient, which has direct relevance for technology, media and telecommunications companies. Contacts In the meantime, be sure to check back for a monthly dose of the latest issues driving the future of technology, media, and telecommunications companies. www.deloitte.com/us/flashpoints @DeloitteTMT #flashpoints Irfan Saif Deloitte Advisory Principal US Advisory Technology leader Deloitte & Touche LLP isaif@deloitte.com

Recommandé

Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk Hector Del Castillo, CPM, CPMM
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlandsdeloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-NetherlandsDominika Rusek
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Cyber services IoT Security
Cyber services IoT Security Cyber services IoT Security
Cyber services IoT Security Gábor Nagymajtényi
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Capgemini
 

Recommandé

Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk Hector Del Castillo, CPM, CPMM
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlandsdeloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-NetherlandsDominika Rusek
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Cyber services IoT Security
Cyber services IoT Security Cyber services IoT Security
Cyber services IoT Security Gábor Nagymajtényi
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Capgemini
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Mauro Risonho de Paula Assumpcao
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
Broadcast Spectrum Auction
Broadcast Spectrum AuctionBroadcast Spectrum Auction
Broadcast Spectrum AuctionDeloitte United States
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemCA Technologies
 
5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) 5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) Deloitte United States
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iotgingell
 
GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4GBR Consulting
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleReal-Time Innovations (RTI)
 
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...Brian Pulito
 
Virtual Machine Productivity Boosters
Virtual Machine Productivity BoostersVirtual Machine Productivity Boosters
Virtual Machine Productivity BoostersAventis Systems, Inc.
 
Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024Deloitte United States
 
Setting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legalSetting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legalDeloitte United States
 
Turning diligence insights into actionable integration steps
Turning diligence insights into actionable integration stepsTurning diligence insights into actionable integration steps
Turning diligence insights into actionable integration stepsDeloitte United States
 
Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...Deloitte United States
 
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year AheadAlmost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year AheadDeloitte United States
 
Pivotal Moments All-in-One_FINAL.pdf
Pivotal Moments All-in-One_FINAL.pdfPivotal Moments All-in-One_FINAL.pdf
Pivotal Moments All-in-One_FINAL.pdfDeloitte United States
 

Contenu connexe

En vedette

Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Mauro Risonho de Paula Assumpcao
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemCA Technologies
 
5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) 5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) Deloitte United States
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iotgingell
 
GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4GBR Consulting
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleReal-Time Innovations (RTI)
 
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...Brian Pulito
 
Virtual Machine Productivity Boosters
Virtual Machine Productivity BoostersVirtual Machine Productivity Boosters
Virtual Machine Productivity BoostersAventis Systems, Inc.
 

En vedette (16)

Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
 
Broadcast Spectrum Auction
Broadcast Spectrum AuctionBroadcast Spectrum Auction
Broadcast Spectrum Auction
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT EcosystemProtecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
Protecting Our Cyber-Identity in a Physical and Virtual World for IoT Ecosystem
 
5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) 5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things)
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iot
 
GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4GBR hospitality newsletter 2010 Q4
GBR hospitality newsletter 2010 Q4
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't Scale
 
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
The Enterprise wants WebRTC -- and it needs Middleware to get it! (IIT RTC Co...
 
Virtual Machine Productivity Boosters
Virtual Machine Productivity BoostersVirtual Machine Productivity Boosters
Virtual Machine Productivity Boosters
 

Plus de Deloitte United States

Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024Deloitte United States
 
Setting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legalSetting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legalDeloitte United States
 
Turning diligence insights into actionable integration steps
Turning diligence insights into actionable integration stepsTurning diligence insights into actionable integration steps
Turning diligence insights into actionable integration stepsDeloitte United States
 
Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...Deloitte United States
 
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year AheadAlmost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year AheadDeloitte United States
 
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...Deloitte United States
 
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...Cash and Liquidity Management Confidence Levels Declining Among Executives, a...
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...Deloitte United States
 
Few are Confident in Their Organizations’ Ability to Report on ESG Financials
Few are Confident in Their Organizations’ Ability to Report on ESG FinancialsFew are Confident in Their Organizations’ Ability to Report on ESG Financials
Few are Confident in Their Organizations’ Ability to Report on ESG FinancialsDeloitte United States
 
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust Adoption
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust AdoptionDeloitte Poll: Legacy Tech Poses a Challenge to Zero Trust Adoption
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust AdoptionDeloitte United States
 
Private Equity Leads Corporate Deal Teams on ESG in M&A
Private Equity Leads Corporate Deal Teams on ESG in M&APrivate Equity Leads Corporate Deal Teams on ESG in M&A
Private Equity Leads Corporate Deal Teams on ESG in M&ADeloitte United States
 
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...Deloitte United States
 
Could M&A Activity be a Springboard for Controllership Transformation?
Could M&A Activity be a Springboard for Controllership Transformation?Could M&A Activity be a Springboard for Controllership Transformation?
Could M&A Activity be a Springboard for Controllership Transformation?Deloitte United States
 
Putting intercompany accounting back in the spotlight: Controllership Perspec...
Putting intercompany accounting back in the spotlight: Controllership Perspec...Putting intercompany accounting back in the spotlight: Controllership Perspec...
Putting intercompany accounting back in the spotlight: Controllership Perspec...Deloitte United States
 
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...Deloitte United States
 
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...Deloitte United States
 
SOX modernization: Optimizing compliance while extracting value
SOX modernization: Optimizing compliance while extracting valueSOX modernization: Optimizing compliance while extracting value
SOX modernization: Optimizing compliance while extracting valueDeloitte United States
 
A new working relationship: Aligning organizations with the workforce of the ...
A new working relationship: Aligning organizations with the workforce of the ...A new working relationship: Aligning organizations with the workforce of the ...
A new working relationship: Aligning organizations with the workforce of the ...Deloitte United States
 

Plus de Deloitte United States (20)

Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024Digital Asset Risk and Regulatory Compliance Expectations for 2024
Digital Asset Risk and Regulatory Compliance Expectations for 2024
 
Setting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legalSetting the AI table: Leave a seat for legal
Setting the AI table: Leave a seat for legal
 
Turning diligence insights into actionable integration steps
Turning diligence insights into actionable integration stepsTurning diligence insights into actionable integration steps
Turning diligence insights into actionable integration steps
 
Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...Emerging Technologies in Transformations Drive the Need for Evolving Internal...
Emerging Technologies in Transformations Drive the Need for Evolving Internal...
 
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year AheadAlmost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead
 
Pivotal Moments All-in-One_FINAL.pdf
Pivotal Moments All-in-One_FINAL.pdfPivotal Moments All-in-One_FINAL.pdf
Pivotal Moments All-in-One_FINAL.pdf
 
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...
Divestiture Trends: 2023 Could See More Sell-Offs, but Expect Lengthier and M...
 
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...Cash and Liquidity Management Confidence Levels Declining Among Executives, a...
Cash and Liquidity Management Confidence Levels Declining Among Executives, a...
 
Lead Through Disruption Guide PDF
Lead Through Disruption Guide PDFLead Through Disruption Guide PDF
Lead Through Disruption Guide PDF
 
2023 Cyber Forecast Infographic
2023 Cyber Forecast Infographic2023 Cyber Forecast Infographic
2023 Cyber Forecast Infographic
 
Few are Confident in Their Organizations’ Ability to Report on ESG Financials
Few are Confident in Their Organizations’ Ability to Report on ESG FinancialsFew are Confident in Their Organizations’ Ability to Report on ESG Financials
Few are Confident in Their Organizations’ Ability to Report on ESG Financials
 
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust Adoption
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust AdoptionDeloitte Poll: Legacy Tech Poses a Challenge to Zero Trust Adoption
Deloitte Poll: Legacy Tech Poses a Challenge to Zero Trust Adoption
 
Private Equity Leads Corporate Deal Teams on ESG in M&A
Private Equity Leads Corporate Deal Teams on ESG in M&APrivate Equity Leads Corporate Deal Teams on ESG in M&A
Private Equity Leads Corporate Deal Teams on ESG in M&A
 
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...
Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting ...
 
Could M&A Activity be a Springboard for Controllership Transformation?
Could M&A Activity be a Springboard for Controllership Transformation?Could M&A Activity be a Springboard for Controllership Transformation?
Could M&A Activity be a Springboard for Controllership Transformation?
 
Putting intercompany accounting back in the spotlight: Controllership Perspec...
Putting intercompany accounting back in the spotlight: Controllership Perspec...Putting intercompany accounting back in the spotlight: Controllership Perspec...
Putting intercompany accounting back in the spotlight: Controllership Perspec...
 
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...
Many C-suite Executives Say Their Organizations Want to Build Trust in Year A...
 
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...
Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations C...
 
SOX modernization: Optimizing compliance while extracting value
SOX modernization: Optimizing compliance while extracting valueSOX modernization: Optimizing compliance while extracting value
SOX modernization: Optimizing compliance while extracting value
 
A new working relationship: Aligning organizations with the workforce of the ...
A new working relationship: Aligning organizations with the workforce of the ...A new working relationship: Aligning organizations with the workforce of the ...
A new working relationship: Aligning organizations with the workforce of the ...
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Flashpoint: Cyber risk in an Internet of Things world

  • 1. Flashpoint Cyber risk in an Internet of Things world More data, more opportunity, more risk
  • 2. Cyber risk in an IoT world What makes the Internet of Things (IoT) different from the traditional Internet? People, for starters. The IoT doesn’t rely on human intervention to function. With the IoT, sensors collect, communicate, analyze, and act on information, offering new ways for technology, media and telecommunications businesses to create value—whether that’s creating entirely new businesses and revenue streams or delivering a more efficient experience for consumers. But this also creates new opportunities for all that information to be compromised. Not only is more data being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater. Take the smart home as an illustrative example. Imagine a garage door opener with the added functionality to deactivate the home alarm upon entry. This is a convenient feature for a homeowner entering their home in a hurry. However, now the entire alarm system could potentially be deactivated when only the garage door opener is compromised. The broad range of connectable home devices—TVs, home thermostats, door locks, home alarms, smart home hubs, garage door openers, to name a few—creates a myriad of connection points for hackers to gain entry into IoT ecosystems, access customer information, or even penetrate manufacturers’ back-end systems. Many technology, media and telecom companies are already grappling with these cyber risk challenges. What are they finding? In this issue of Flashpoints, we’ll take a closer look at some of the more notable developments in the battle to combat cyber risks and take advantage of new opportunities as the IoT expandsits reach. IoT Cyber Threat Landscape 1 Flashpoint Cyber risk in an Internet of Things world • An integrated risk philosophy is not optional • Cyber risk management and innovation must be on equal footing • No global risk standards? No excuse • Retrofitting can work—but it introduces new risks • Loosely coupled systems can help now—in lieu of an overhaul About Flashpoints Every day brings new ideas and possibilities to the Technology, Media, and Telecommunications sectors. Flashpoints is your tool for gaining the context you need to make sense of these critical developments—as they emerge.
  • 3. The cyber risk landscape is inexhaustibly complex and ever changing. This figure provides a broad framework for identifying and managing a much wider range of risks arising from IoT implementations. Source: Deloitte & Touche LLP
  • 4. An integrated risk philosophy is not optional In most large organizations, the approach to cyber risk may differ by region, product, or business unit. For many, that has worked well enough—parts of the company that require a heightened approach to cyber risk handle their threats in one way, while others take a different tack. But the IoT is forcing many technology, media and telecommunications business leaders to reassess this decentralized approach, since it tends to connect enterprises and their operations in unexpected ways. Safeguarding the IoT is complicated by the scale and scope of data being generated and collected, not to mention the fact that much of it is actually held or accessed by third parties. As a result, many leaders are implementing an umbrella-level cyber risk paradigm, raising standards for cyber risk at every level of the organization, enterprise- wide, from pre-threat to post-event. That means preventing and anticipating IoT- related cyber threats before they take hold, monitoring and neutralizing threats already in play, and restoring normal operations as soon as possible when an organization is struck by a threat. The IoT is forcing many business leaders to reassess their decentralized approaches to cyber risk management. 3 Flashpoint Cyber risk in an Internet of Things world
  • 5. Cyber risk management and innovation must be on equal footing More information creates more possibilities to create value: This is the promise of the IoT. Today, entire business models are launched on the idea of tight collaboration between organizations—and data is often the glue holding them together, propelling companies to invest significantly in customer analytics capabilities to discover new value streams for their customer. These collaborations are taking advantage of an exceptionally broad portfolio of data types— not just device and system data, but everything from employee rosters and inventory records to non-traditional data types such as facial recognition data, facilities access data, industrial control system data, to name just a few. For many, this is uncharted territory, and along the way, data governance has failed to keep pace. How do you exercise firm control over data governance in that environment? Tighten the controls too much, and you could squeeze the life out of much-needed innovation. Pursue an approach marked by loose oversight, and you could be exposed to outside cyber risks. Cyber risk and innovation are inextricably linked—one shouldn’t be subordinated to the other. Some of the most forward-looking executives in technology, media, and telecommunications are harmonizing these business imperatives by engaging with business leaders both within their organization, as well as outside, to establish a “baseline of normal.” By understanding what “normal” data activity looks like, possible abnormalities can be quickly and accurately flagged for further review. More information creates more possibilities to create value: This is the promise of the IoT. 4 Flashpoint Cyber risk in an Internet of Things world
  • 6. No global risk standards? No excuse. IoT is an inherently shared ecosystem and operating model that crosses public and private sectors. Yet today, there are no uniform standards governing the IoT. If IoT partners operate strategically and cooperatively, immense value can be created for the consumer. However, in lieu of formal standards, this “shared responsibility” mindset to security and associated governance enforcement will not always work—security breaches have the potential to occur anywhere along the ecosystem, increasing the likelihood that this cooperative mindset may breakdown. Standards are almost certainly on the way, but most believe they’re years off. Meanwhile, the IoT continues to grow apace. Business and technology leaders have no choice but to begin developing and implementing their own global cyber risk standards, despite the lack of guidance. While different industries have aligned in different consortiums, those in the technology, media and telecommunications industries are widely expected to lead the charge. Interoperability among ad hoc, point solutions is one issue where closer collaboration among all the players in the ecosystem is already beginning to happen. While much of the promise of the IoT lies in the ability to aggregate data, today data is generated in different formats, and sensors connect to different networks using different communication protocols. Without common standards governing the functioning of IoT- enabled devices, the barriers to interoperability are immense—but so is the potential business value derived from the IoT. IoT is an inherently shared ecosystem and operating model that crosses public and private sectors. Yet today, there are no uniform standards governing the IoT. 5 Flashpoint Cyber risk in an Internet of Things world
  • 7. Retrofitting can work—but it introduces new risks Some technology, media, and telecommunications companies are looking to implement IoT solutions on top of existing systems, or are closely collaborating with their own customers and partners who are attempting to do the same. Many of these existing legacy systems, which were once standalone and unconnected, are now vulnerable targets for hacking. Does that mean retrofitting should be avoided? Not necessarily—and given the cost of implementing new technologies, some of which may be obsolete in the near future, retrofitting may look like the stronger option. Along the path to retrofitting, some are encountering new challenges. For example, with so many more points of communication introduced by the IoT, the simple, shared- system accounts and passwords associated with older security programs don’t pass muster. In other cases, it’s clear that purpose-built devices or add-ons designed specifically for the IoT are preferable. Either way, being aware of the risks arising from retrofitting, and accurately assessing them, are crucial steps to effectively managing these risks. 6 Flashpoint Cyber risk in an Internet of Things world Retrofitting can be a viable option given the cost of implementing new technologies, but organizations must first accurately assess the risks.
  • 8. Loosely coupled systems can help now— in lieu of an overhaul Even leaders working from a wish list of all the security features they would need to manage IoT-related cyber risks know that it’s unrealistic to expect to put them all to work in the near term. But they can begin putting the tenets of such a system to work today—starting with the deployment of loosely coupled systems, which can help ensure that the failure of a single device doesn’t lead to widespread failure. IoT solutions need to be implemented in such a way that they blend organization-specific operational capabilities with multilayered cyber risk management techniques. 6 Flashpoint Cyber risk in an Internet of Things world Loosely coupled systems can help ensure that the failure of a single device doesn’t lead to widespread failure.
  • 9. Let’s talk This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication. As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Copyright © 2015 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited The Internet of Things has moved from big idea to reality faster than most expected, much less planned for. But regardless of whether you’ve planned for it, it could already be influencing your organization’s cyber risk profile—and probably warrants more attention today. When organizations optimize their processes for IoT, they can uncover tremendous opportunity for value creation and capture, allowing them to innovate faster, make better decisions and offer compelling products and services to their customers. If you want to know more about these developments or any of those not discussed here, we should talk. We have developed a cyber risk paradigm that focuses on becoming secure, vigilant, and resilient, which has direct relevance for technology, media and telecommunications companies. Contacts In the meantime, be sure to check back for a monthly dose of the latest issues driving the future of technology, media, and telecommunications companies. www.deloitte.com/us/flashpoints @DeloitteTMT #flashpoints Irfan Saif Deloitte Advisory Principal US Advisory Technology leader Deloitte & Touche LLP isaif@deloitte.com