As we continue to blur the lines along digital and physical boundaries, we may see cybercriminals form allegiances to perpetrate hybrid digital and physical crimes. You can imagine a digital cyber-ring selling stolen property access (e.g. hacked electronic front door or building access codes) or vehicle delivery schedules and routes to traditional criminals.
As IoT ecosystems are developed, and often include multiple partners and suppliers as well as consumers and citizens, it will be important to gain an understanding of the potential legal issues should either sensitive data become compromised or these sensors and devices themselves become controlled by cyber-criminals. A comprehensive risk management strategy, and a robust approach to cybersecurity, will need to be developed to support these new classes of devices, and their new usage scenarios, which extends existing cybersecurity techniques.
Four key tenets of this new approach to cybersecurity will include converged security (to protect physical as well as digital assets), defense-in-depth (even more important with more points of vulnerability on the network), "zero-trust" (to help prevent lateral movement on the network once hackers gain access via IoT devices, for example), and an adaptive perimeter (to help dynamically draw and re-draw lines of protection around key external assets).
Finally, with the "Internet of Behaviors" now storing masses of detailed consumer behavior from the use of IoT devices and systems, it will be critical for organizations to define and clearly understand roles, responsibilities and expectations of each other in terms of data privacy and also in the event of data breach within IoT ecosystems.
Sign up for MIS Asia eNewsletters.