The Internet of Things (IoT) provides convenience, comfort, and cost savings through a vast and growing collection of connected devices ranging from HVAC systems and printers to fitness trackers, medical devices, and automobiles. And not surprisingly, those benefits are attracting the attention of businesses big and small.
“The alluring promise of an improved bottom line will encourage businesses to focus on IoT,” predicts
HP Chief Technology Officer, Shane Wall. “It can lower operating costs, increase productivity, and help businesses expand into new markets or offer new products.”
While it is true that IoT devices can help businesses drive improvements in areas such as operations, staff performance, and the customer experience, a serious issue bubbles below all of that promise: security.
While IoT devices have appealing potential for businesses, real and significant cyber threats exist. During a November 2016 hearing held by the U.S. House Energy and Commerce Committee, a leading cybersecurity scholar reported that the swelling proliferation of insecure IoT products posed “catastrophic risks” to life and property. 
To be certain, IoT-enabled attacks can create armies of zombie computers capable of wreaking havoc on businesses and institutions. In a hospital, for instance, an IoT hack could bring elevators and ventilation systems to a halt, threatening the safety and livelihood of patients, employees, and visitors alike.
A market failure?
Quite simply, IoT security has not kept pace with IoT innovation, a discrepancy that increases the nation's collective vulnerability to cyberattacks and creates safety and economic risks. One cybersecurity expert even termed IoT security a “market failure” during a U.S. House Committee hearing. 
Various cybersecurity experts charge that many IoT device manufacturers do not prioritize security as high as they should and, as a result, billions of hackable devices blanket the marketplace. One study reports that 70% of IoT devices are vulnerable to attack.
The top security problems facing IoT devices include:
- Insecure web or mobile interfaces
- Insecure network services
- Insecure software
- Insufficient authentication
- Lack of transport encryptions
- Lax privacy controls
Confronting negligent IoT security
In November 2016, the U.S. Department of Homeland Security (DHS) unveiled a list of broad action steps to strengthen IoT security. The agency's recommendations included: incorporating security at the design phase, advancing security updates, and building upon recognized security best practices.  Other cybersecurity experts, meanwhile, have called for an independent agency to test the security of IoT devices—something akin to the National Highway Traffic Safety Administration's crash test ratings for automobiles.
Whatever the solutions might be, the DHS contends, the “nation cannot afford a generation of IoT devices deployed with little consideration for security” given the potential consequences to the nation's infrastructure, economy, and individuals' personal privacy. 
The IoT and your business
For businesses craving efficiency, productivity, and profit-boosting technologies, the IoT holds unquestionable appeal. At the same time, businesses will need to be conscientious regarding the IoT devices they deploy and consistently vigilant in their cybersecurity efforts. Fortunately, there are manageable ways to confront IoT security concerns. HP's Security Lab is leading research and innovation
in security for current and future technology, and attention from the public
and private sector continues to push IoT security to the forefront.