SlideShare a Scribd company logo
1 of 17
Download to read offline
Securing the Internet of Things
Opportunity: Putting Cybersecurity
at the Heart of the IoT
22
Capgemini recently launched a new global service line dedicated to cybersecurity that draws expertise
from key disciplines within the Group. As the security of IoT products and systems is a key focus area
for Capgemini, Capgemini Consulting and Sogeti High Tech – a subsidiary of the Capgemini Group that
is specialized in product engineering – launched a study to understand the implications of cybersecurity
threats for the Internet of Things (IoT). This research paper presents our perspective on how organizations
can prepare themselves to address these threats and secure the IoT opportunity.
33
The Internet of Things Opportunity Hinges
on Security
71% of respondents in
our survey agreed that
security concerns will
influence customers’
purchase decision for
IoT products.
While car
manufacturers are
currently focusing
mainly on infotainment-
related connectivity,
in the coming years
we will see many more
developments in the
field of car-to-car
communication and
remote diagnostics. But
this also means that we
will be more and more
vulnerable to malicious
attacks.
- A leading
car manufacturer
Figure 1: Top Security Threats to IoT Products
Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”,
November 2014
N=109
There is little arguing the transformative
potential of the Internet of Things (IoT)1
.
However, the IoT business opportunity
rests precariously on one critical factor
– security. A spate of recent hacks
and breaches has revealed glaring
vulnerabilities in the IoT. Consider for
instance, the breach in US-based retailer
Target’s payment systems in late 2013.
This was the largest data hack in US
retail history and resulted in the theft of
40 million credit card numbers2
. What
is extraordinary about this attack is
that hackers gained access to Target’s
network through Internet-enabled
heating, ventilation and air-conditioning
systems installed in its retail stores3
.
The security risks of the IoT apply equally
to the world of connected consumer
devices as they do to industrial systems.
For instance, security researchers Chris
Valasek and Mathew Solnik conducted
experiments to show car makers how
hackers could potentially gain access
to the engine or the steering wheels of
a connected car. The researchers also
50%
43%
41%
39%
28%
Password attacks
Identity spoofing attacks
Data modification attacks
Eavesdropping/traffic sniffing attacks
Denial of Service attacks
% of respondents
showed how hackers could then wrench
the wheels of the car to one side or even
turn off the engines without warning4
.
While these experiments required physical
access to the vehicle, the possibility of a
remote attack is not as far-fetched as it
might seem, given the pace at which
technology is advancing.
As the IoT continues to grow to an
estimated 26 billion devices by 20205
,
Internet-enabled systems will become
increasingly attractive targets for
cyber attacks6
. As an executive at
a leading car manufacturer told us:
“While car manufacturers are currently
focusing mainly on infotainment-related
connectivity, in the coming years we will
see many more developments in the
field of car-to-car communication and
remote diagnostics. But this also means
that we will be more and more vulnerable
to malicious attacks.7
” To understand
more about organizations’ security
concerns, our global survey (see research
methodology at the end of this paper)
probed which exposures concerned
them most (see Figure 1).
4 4
Hackers gained access
to Target’s payment
systems through
Internet-enabled
heating, ventilation
and air-conditioning
systems installed in its
retail stores.
Security researchers
have conducted
experiments to show
car makers how hackers
could potentially gain
access to the engine or
the steering wheels of a
connected car.
The integrity of energy
consumption data is
extremely important in
our industry and has
now become a potential
business stopper.
- A leading smart
meter manufacturer
Figure 2: Impact of Security Concerns on Customers’ Purchase Decision for
IoT Products
Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”,
November 2014
N=109
The growing risk of these attacks could
undermine the IoT business opportunity.
71% of respondents in our survey agreed
that security concerns will influence
customers’ purchase decision for IoT
products. Industrial manufacturing and
smart metering firms acknowledge this
to a greater degree than firms in other
segments such as automotive and home
automation (see Figure 2). This may not
be surprising if we consider that industrial
manufacturing and smart metering firms
were among the earliest to embrace
connectivity. The CEO of a leading smart
metering firm affirmed this, saying: “The
integrity of energy consumption data is
extremely important in our industry and
has now become a potential business
stopper.8
”
93%
86%
67%
65%
65%
59%
Industrial Manufacturing
Smart Metering
Medical Devices
Wearables
Automotive
Home Automation
Overall: 71%
Comparison by Industry Segment
Traditional Firms: 74%
Startups: 65%
% of respondents who agree that security concerns will impact
customers' purchase decision for IoT products
Losses arising from cyber attacks on
IoT systems can hit organizations hard.
Target faced plummeting sales and saw a
46% drop in profitability as a result of the
November 2013 attack. In addition, the
company could potentially face a fine of
$400 million to $1.1 billion if a government
probe finds it guilty of not following
industry-specific security standards9
.
Given the massive fallout of cyber
attacks, do organizations prioritize
security adequately and are they
prepared to address the growing risks
of connectivity? Is security a core focus
for organizations as they develop their
IoT products? In the following pages, we
examine how organizations approach
security issues, assess the challenges
they face in securing their IoT products,
and present a blueprint to make security
the cornerstone of an IoT strategy.
5
Figure 3: Resilience of IoT Products to Cybersecurity Attacks
Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014
Note: Surveyed companies commented on the level of resilience of IoT products in general and not specifically on
their own products
N=109
Only 33% of executives
in our survey believe
that the IoT products
in their industry are
highly resilient to
cybersecurity attacks.
In 2014, an Israeli
security firm showed
how hackers could
exploit a critical
vulnerability in a
popular vehicle-
telematics device to
send malicious updates
to the device, steal data
on the car’s location and
performance, and even
unlock doors remotely.
Raising the IoT Security and Privacy Game
Comparison by Industry Segment
Traditional Firms: 39%
Startups: 23%
50%
50%
47%
35%
18%
10%
Wearables
Smart Metering
Industrial
Manufacturing
Automotive
Home Automation
Medical Devices
Overall: 33%
% of respondents who rate the IoT products in their industry
high on resilience to cyber attacks
Ramping Up Security Levels
Despite increasing cyber attacks on IoT
devices and ample warning from security
experts, most organizations do not
provide adequate security and privacy
safeguards for their IoT products. Only
33% of executives in our survey believe
that the IoT products in their industry
are highly resilient to cybersecurity
attacks. Among industry segments,
home automation and medical device
manufacturers reported the lowest
levels of resilience (see Figure 3). This is
particularly worrying given the expected
uptake of IoT devices in these segments.
For instance, the number of patients using
connected medical devices is expected
to grow from 3 million at the end of 2013
to over 19 million by 201810
.
Research shows that existing security
features in IoT products are not
adequate. An HP study revealed 250
vulnerabilities in ten commonly used
IoT devices, including connected TVs,
webcams, thermostats, door locks and
home alarms. Most products supported
very weak authentication features that
directly exposed them to security risks. In
fact, 8 out of 10 devices failed to require
a password stronger than “1234”11
.
Another significant risk factor is the
continued use of the default password
provided by the manufacturer, which can
often be easily cracked by hackers.
Vulnerabilities arising from lack of
encryption features are also a concern.
In 2014, an Israeli security firm uncovered
a critical vulnerability in a telematics
device developed by Zubie – a US-based
connected-car startup. The research
team found that Zubie’s hardware,
which tracks a car’s performance to
provide drivers with instructions on
improving driving efficiency, did not
encrypt communications between the
device and server. Researchers were
able to demonstrate how hackers could
exploit this weakness to send malicious
updates to the device, steal data on the
car’s location and performance, and even
unlock doors remotely12
.
6
Figure 4: Data Privacy Information Provided by Organizations
N = 100
Source: Capgemini Consulting and Sogeti High Tech Analysis
47% of organizations
do not provide any
kind of data privacy
information regarding
the data generated from
their IoT products.
Only 10% of companies
allow consumers to
either opt-in or opt-out
of data collection and
sharing.
AliveCor, a startup
that provides a
remote cardiac health
monitoring service,
asks users for their
explicit consent before
sharing any data with a
healthcare professional.
The poor security features in IoT products
have inevitably attracted government
attention. The US Federal Trade
Commission (FTC) took action against
TRENDnet, a manufacturer of Internet-
connected home security cameras,
for allowing users’ login credentials to
be transmitted unencrypted over the
Internet, which resulted in hundreds of
camera feeds being hacked and posted
online. Among other things, the FTC
barred TRENDnet from misrepresenting
the security of its cameras and charged
it with providing consumers with free
technical support for two years to help
consumers update or uninstall their
cameras13
.
Privacy Policies Lack
Maturity
Data privacy is also emerging as a major
concern for consumers, which comes
as no surprise. In a recent survey of
US consumers, 66% of respondents
expressed concerns about data privacy
issues stemming from IoT products14
.
However, our benchmarking assessment
of organizations’ IoT data privacy policies
(see research methodology at the end of
this paper) reveals significant concerns.
Of the 100 startups and traditional
organizations that we studied, 47% do
not provide any privacy related information
regarding their IoT products. Even when
they do, organizations rarely enable
consumers to control the collection and
sharing of data from their IoT devices. For
instance, only 10% of companies allow
consumers to either opt-in or opt-out of
data collection and sharing (see Figure 4).
AliveCor, a startup that provides a remote
cardiac health monitoring service, is a
notable exception. AliveCor asks users
for their explicit consent before sharing
any data with a healthcare professional.
In addition, AliveCor’s privacy statement
clearly informs users about how they can
withdraw from sharing data if they wish
to15
.
Another significant omission in most
privacy statements is the absence of
information on how customer data is
dealt with once a service is terminated.
Our research revealed that only 13%
of companies provide this information.
However, there are some exceptions.
Automatic, a startup that offers a
telematics device for connected
cars, informs customers that it may
permanently delete customer data at
its own discretion, upon termination of
service16
. Fitbit, the fitness tracking device
manufacturer, lets consumers know that
it stops storing data once the consumer
terminates a contract17
. Such information
enables consumers to take a more
informed decision about whether to opt
for a service or not.
48%
51%
10%
13%
IoT Data Privacy Policies -
Type of Information Provided to Consumers
Information on Types of Data Collected
Information on How Data is Shared
with Third Parties
Information on Degree of User Control
(Ability to Opt-in or Opt-out of Data
Collection and Sharing)
Information on How Data is Managed
on Service Termination
7
Figure 5: The Expanded Attack Surface of an IoT System
Source: Capgemini Cybersecurity Service Line
Why are Organizations Lagging behind in Securing
their IoT Products and Systems?
A number of factors are affecting
organizations’ ability to put in place
rigorous security. These include an
expanded attack surface, inefficiencies
in the IoT product development process,
the weak security architecture of the
entire IoT system, lack of specialized
security skill-sets, and insufficient use of
third-party support.
The IoT Presents an
Expanded Attack Surface
and Multiple Points of
Vulnerability
Securing an IoT system is a challenge
because of its multiple points of
vulnerability. These include the IoT
product, and the embedded software
and data residing within it. They also
include the data aggregation platform,
data centers used for analysis of sensor
data, and communication channels (see
Figure 5).
Connected Objects
(IoT Products)
Sensors
Internet
Public
Cloud
Gateway
Big Data
Object
Data Center Data Analysis
Data Aggregation
Data Acquisition
Gateway
Hub of sensors Hub of sensors
Object
Private
Cloud
App
App
Securing all of these surfaces is a major
challenge for organizations (see Figure
6). As a senior executive at a leading
European industrial manufacturing firm
explains, it involves a wide-ranging
response: “Securing an IoT system
involves securing the IoT product and
implementing multiple features at the
system level, such as access control
and account management, segregation
of networks and accounts, the use of
secure protocols for data transmission,
and the management of firewall and
antivirus updates.18
”
The security of the IoT product is a key
element of the overal security of an
IoT system. Figure 6 illustrates the key
challenges to securing an IoT product.
The focus on security
can get lost if
organizations rush
to launch their IoT
products, prioritizing
speed-to-market over
security.
8
Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014
N=109
Figure 6: Key Challenges to Securing IoT Products
For Most Organizations,
Security is not the Core
Focus of the IoT Product
Development Process
Securing a product from cyber attacks
is a critical element of the product
development process in an IoT world.
Michael Murray, the Director of GE
Healthcare’s Cyber Security Consulting
and Assessment division highlights this
when he says, “It’s all about building
these sensitive medical systems and
devices with cyber security in mind,
rather than as an afterthought.” Murray’s
team is responsible for overseeing the
development of the company’s remote
patient monitoring, medical imaging and
diagnosis systems right from the design
phase19
.
However, this focus on security can get
lost if organizations rush to launch their
IoT products, prioritizing speed-to-market
over security. Our survey showed that only
48% of companies focus on securing their
IoT products from the beginning of the
product development phase. In addition,
only 36% are working towards modifying
their IoT development process to focus
more on security from the earliest stages
of product design (see “Cyber Insecurity:
Why IoT Product Security Is Lagging”).
Organizations have not
set up Mechanisms to
Remotely Patch Connected
Devices
Connected products need to be updated
regularly for their defenses to be watertight
to existing and emerging threats. If
patches are not updated frequently, the
risk of cybersecurity attacks increases.
Despite this, our survey revealed that
only 49% of organizations provide remote
updates for their IoT devices (see “Cyber
Insecurity: Why IoT Product Security Is
Lagging”).
There are many reasons for this. Since
most IoT products are built using
inexpensive, low-margin chips, chip
manufacturers are not adequately
incentivized to provide patches for
them. At the same time, vendors of IoT
products, unlike PC and smartphone
manufacturers, may not necessarily
have the technical expertise required to
develop patches20
. In some cases, the
issue lies in the absence of channels to
deliver patches remotely, as organizations
rely on users to manually download
and install them. However, consumers
may not be aware of updates or have
the expertise to install them. 67% of
respondents in our survey cited lack of
awareness among consumers regarding
security best practices as a major cause
of security breaches. Despite this, 41%
of respondents reported that they release
updates online and require consumers to
download and install them.
Only 49% of
organizations provide
remote updates for their
IoT devices.
60%
55%
50%
44%
39%
Securing access to the end-point device
Securing the communication channel
Deploying security updates remotely
on the end-point device
Securing data stored locally in the
end-point device
Securing embedded software in
the end-point device
9
35% of respondents cited the shortage of specialized
security experts in their organizations as a key
challenge to securing IoT products.
Most Organizations are
not Focusing on Acquiring
Specialized Security Skills
for their IoT Products
Despite growing awareness about the
risk of cyber attacks, most organizations
are not working towards building
specialized security skill-sets. Securing
an IoT product requires multiple skills
to cover the app, device, infrastructure
and the communication channel. 35%
of respondents in our survey cited the
shortage of specialized security experts in
their organizations as a key challenge to
securing IoT products. Despite this, only
20% reported that their organizations
are hiring IoT security experts in order to
improve security. Companies like Tesla,
however, are exceptions. Tesla hired
Kirstin Baget, a hacking expert with prior
experience in companies such as Apple,
Google, eBay and Microsoft, to lead its
vehicle security team (see Exhibit 1, “Tesla:
Liaising with the Hacker Community to
Develop Secure Connected Cars”).
Most Organizations are
Not Leveraging Third-Party
Support to Accelerate the
Process of Strengthening
Security
Few organizations are taking proactive
steps to strengthen security by partnering
with, or acquiring, specialized security
firms. Our research revealed that only
35% of companies are partnering with
specialized security firms and only 19%
are acquiring specialized security firms
as part of their IoT security strategy
(see “Cyber Insecurity: Why IoT Product
Security Is Lagging”).
Exhibit 1 - Tesla:Liaising with the Hacker
Community to Develop Secure Connected Cars
Tesla Motors, the leading American electric car maker, makes some of the
most digitally advanced cars in the world. Tesla’s cars are equipped with
over-the-air software updates and provide an infotainment screen that can
be used to control everything from navigation to the door locks. But this also
opens up the possibility of Tesla’s cars being vulnerable to cyber attacks.
Making Tesla Sit Up and Take Notice
The possible consequences of cyber hacking for Tesla’s cars were brought
to the fore by two instances involving Tesla’s Model S electric car. In the first,
the owner of a Model S was able to hack into the car’s system and bring
up a non-standard web browser on its infotainment display. In the second,
participants in a Chinese security conference were able to remotely operate
the car’s lights, horn and sunroof.
Courting Hackers to Develop Secure Systems
Tesla’s initiative to make its cars more secure against much more serious
hacks started with the hiring of Kirstin Baget, a hacking expert with prior
experience in companies such as Apple, Google, eBay and Microsoft, to lead
its vehicle security team. Tesla also attended the Def Con, an annual security
conference held in Las Vegas, in order to hire 20 to 30 hackers to develop
security systems for its current and future vehicles.
Tesla is also courting freelance security researchers and hackers. The
company actively encourages people to report vulnerabilities, and offers
factory tours in exchange. So far, 20 confirmed vulnerabilities have been
exposed in this manner. Tesla adds the names of hackers who are able to
successfully point out security flaws to a “Hall of Fame” list on its website.
Source: Wall Street Journal, “Tesla Invites Hackers for a Spin”, August 2014; Jalopnik, “Tesla
Looking To Hire Up To 30 Hackers To Prevent Pwning”, August 2014; CleanTechnica.com, “Tesla
Motors Snags “Hacker Princess” From Apple”, February 2014
Only 48% of companies
focus on securing their
IoT products from the
beginning of the product
development phase.
10
Securing the communication
channel
Deploying security updates remotely
on end-point devices
50%
Securing access to the
end-point device
60% 55%
Only 48%of organizations
focus on securing their IoT
products from the beginning of
the product development phase
Only 49%of organizations
provide remote updates for
their IoT devices
Security is not a Priority While
Developing IoT Products
Organizations have not set up
Mechanisms to Remotely Patch
Connected Devices
Key Challenges to Securing IoT Products: % of respondents
IoT Security is in the Slow Lane
% of respondents: % of respondents:
Ignoring the importance of building
in-house capabilities to secure IoT products
Not exploring external expertise to secure
IoT products
Acquiring specialized
security firms – 19%
Inviting third parties
such as hackers to
identify vulnerabilities in
IoT products – 28%
Hiring IoT security
experts – 20%
Appointing a team to look into the
development of data privacy
policies for IoT products – 35%
Partnering with specialized
security firms – 35%
Increasing IoT R&D spending
on security – 43%
Modifying the IoT product
development process to focus
more on security from the earliest
stages of product design – 36%
Cyber Insecurity: Why IoT Product Security is Lagging
An Expanded Attack Surface Increases the Challenge of Securing IoT Products
11
Gold-Standard Security:Making Security the Core
of the IoT Value Proposition
The results of the risk-
analysis should feed
into the IoT business
plan, so that decisions
on proceeding with
product development
and launch are based on
a strong understanding
of the potential risk
factors.
Organizations should
set up an integrated
team structure for IoT
product development,
comprising business
executives as well as
security specialists.
A significant number of
software vulnerabilities
can be addressed if
organizations adhere to
secure coding standards
and best practices.
Set up an Integrated Team
of Business Executives and
Security Specialists
The first step in securing an IoT system
is to treat security as a fundamental
element of the product value proposition.
This means that product managers and
security specialists must work together
to plan the IoT product roadmap and
conceptualize the defining features and
functionality of the product. To achieve
this, organizations should set up an
integrated team structure for IoT product
development, comprising business
executives as well as security specialists.
This will enable greater collaboration
between business executives and security
specialists and, in turn, help ensure that
business and security considerations
related to IoT product development are
well-balanced.
Integrate Security Best
Practice with the IoT
Product Development
Process
Product Planning Should Begin with
a Detailed Risk Analysis
The IoT product planning process should
begin with a detailed risk analysis so that
organizations have a clear view of the
cyber threat landscape and a firm basis
for choosing the right security features
for their IoT products (see Figure 7).
The analysis should include a study of
disruptive attack scenarios, especially
those arising from new and advanced
types of threats. In addition, organizations
must quantify the financial and non-
financial impact of potential attacks on
the organization as well as end-users.
The results of the risk-analysis should
feed into the IoT business plan, so that
decisions on proceeding with product
development and launch are based on a
strong understanding of the potential risk
factors.
A cybersecurity expert from a leading
European research organization highlighted
the importance of this analysis. “The
technical measures for improving security –
such as authentication and cryptography –
are a second level problem,” he explained.
“The first level is to understand the risks.
Organizations need to know what they
want to protect against and then choose a
solution depending on their analysis.21
”
Embed Security throughout the IoT
Product Design Process
This includes the design, coding, testing
and evaluation:
 Secured design. Security mechanisms
must be defined and implemented
in the hardware and software
architecture, during the design
phase of the product. Organizations
must also pay special attention to
the implementation of cryptographic
mechanisms.
 Secured coding. A significant
number of software vulnerabilities can
be addressed if organizations adhere
to secure coding standards and
best practices. Specific mechanisms
such as code obfuscation should be
implemented to prevent the reverse
engineering of source code.
 Rigorous testing. IoT products
should be subject to stringent
security testing – including application
security testing, functional testing and
penetration testing – for the hardware
as well as software components of
the IoT system.
 Security evaluation. As the final
step of securing their IoT products,
organizations should liaise with
specialized third-party security firms
that have an Information Technology
Security Evaluation Facility (ITSEF)a
to
ensure that these products go through
a formal security evaluation process,
such as Common Criteriab
. Such an
evaluation from a certified lab could in
turn enable an organization to obtain
an international security certificate for
its IoT products.
a
An accredited laboratory for security evaluations
b
Common Criteria for Information Technology Security
Evaluation (abbreviated as Common Criteria or CC) is
an international standard for the security evaluation of
computer products and systems
12
Figure 7: Revamp the IoT Product Development Process to Comprehensively Address Security Issues
Source: Capgemini Consulting and Sogeti High Tech Analysis
To prevent cyber
attacks, organizations
must ensure that they
educate consumers
about the correct
security procedures to
be followed while using
an IoT system.
Security
Certification
Risk
Analysis
Secured
Design
Secured
Coding
Rigorous
Testing
Get IoT systems certified
for compliance (ex: IT
security Common Criteria)
Conduct application security
testing, functional testing
and penetration testing
for hardware and
software components
Follow secure coding
best practices to prevent
the creation of security
vulnerabilities in the code
Design hardware
and software to be
secure from the
ground up
Determine security goals
based on an analysis of
disruptive threat scenarios
Educate Consumers as
well as Front Line Staff in
Security Best Practice
Including strong security features is only
one part of securing an IoT product. The
security of an IoT product also depends
on the manner in which it is operated. To
prevent cyber attacks, organizations must
ensure that they educate consumers
about the correct security procedures
to be followed. This includes coaching
on seemingly elementary issues, such
as changing passwords regularly, which
still remains one of the most common
causes of security breaches. A senior
executive at a leading European industrial
manufacturing firm affirmed this view:
“There are ways to counterbalance
new kinds of threats from a technical
standpoint. But that is not enough. It
is also absolutely critical that the right
procedures are laid down to operate a
system. For example, customers need to
change passwords regularly and manage
access control appropriately.22
”
At the same time, organizations must also
train technical support staff so that they
are better able to coach customers on
security issues. An executive at a leading
equipment manufacturer highlighted the
need for such training, saying: “Our front
line function, which is responsible for
maintenance and spare parts, is made up
of old-school technology specialists. They
now need to understand the security
features of our connected equipment
so that they can respond to customer
queries on security issues.23
”
13
Privacy policies should be readily accessible to
consumers and easy to understand.
Address Privacy Concerns
with Transparent Privacy
Policies
To protect consumers from potential data
privacy breaches, organizations must
develop privacy policies that clearly detail
how data from IoT devices is collected
and used. Privacy policies should be
readily accessible to consumers and easy
to understand. Further, guidelines for
opting into a service (or opting out) should
be clearly described so that consumers
can make informed choices about sharing
data. In a post-Snowden world, where
consumers are growing increasingly
concerned about data privacy issues, a
transparent privacy policy can be a key
differentiator for an organization, signaling
its commitment to protecting the interests
of consumers.
While few organizations today seem
to recognize security as a source of
competitive advantage in the IoT world,
BlackBerry is a notable exception. The
smartphone manufacturer is aiming to
establishitselfasaleaderintheIoTmarket,
based on the platform of security (see
Exhibit 2, “BlackBerry: Making Security
the Foundation of an IoT Offering”).
Cyber attacks are a grim reality in an
increasingly connected world. However,
despite mounting evidence of the
potential human and material impact of
such attacks, organizations have not yet
trained all their guns on security threats.
Building a secure IoT system begins with
the recognition that security needs to be
as much of a priority as the features and
functionality of an IoT product.
As the world economy struggles to
escape from stagnation and slowing
growth levels, the IoT is a massive
opportunity for organizations to achieve
new levels of efficiency and to develop
innovative new services and products.
However, like Achilles, whose strength
was compromised by one telling
vulnerability, organizations must act on
IoT security. Organizations that recognize
this imperative are the ones who will lead
this new IoT revolution.
Exhibit 2 - BlackBerry:Making Security the
Foundation of an IoT Offering
BlackBerry, the once-iconic smartphone manufacturer, is betting on IoT to
script a turnaround story. A major part of BlackBerry’s transformation strategy
involves leveraging its strengths in network security to become a leader in
the IoT market. BlackBerry aims to achieve this by building an IoT platform
that allows its customers to develop secure IoT applications. BlackBerry’s IoT
platform will provide various device management features that include over-
the-air software updates. It is built on the “Project Ion” initiative that BlackBerry
launched in May 2014 and leverages technologies that have made BlackBerry
a leader in mobile data security and embedded systems. BlackBerry plans to
initially target the shipping and automotive sectors with its platform. In future, it
plans to extend the platform to other industry verticals such as healthcare and
energy.
Project Ion:Laying the Foundation of a Secure IoT Platform
BlackBerry’s Project Ion initiative comprises multiple efforts designed to
promote the development of the IoT. This includes a secure application platform
to gather data from across a range of devices and operating environments, and
building relationships between partners, carriers and application developers. It
also aims at building strategic partnerships with industry organizations such as
the Industrial Internet Consortium and the Applications Developers Alliance.
QNX Systems:Bringing the Expertise in Embedded Software
QNX, bought by BlackBerry in 2010, is an operating system for embedded
devices. QNX already powers mission-critical systems in cars, industrial
applications and medical devices. It has a market share of more than 50% in
the infotainment market and more than 50 million vehicles use QNX. In addition
to infotainment systems, QNX also powers the “H Box” - a device used to
capture and transmit secure medical data between patients, doctors and
healthcare providers.
Source: Financial Post, “How BlackBerry can become the Google or Twitter of the Internet of Things”,
August 2014; BlackBerry Website; Forbes, “A Look At BlackBerry’s Internet of Things Strategy”,
January 2015; Techcrunch, “BlackBerry Reveals Project Ion, Its QNX-Powered Effort To Underpin
The Internet Of Things”, May 2014; Forbes, “A Look At BlackBerry’s Internet of Things Strategy”,
January 2015
14
Research Methodology
Capgemini Consulting and Sogeti High Tech conducted extensive research to understand the current state of security for
IoT products. The research spanned two areas: the main survey concerning the security of the IoT and a benchmarking
assessment of organizations’ privacy policies. We surveyed more than 100 large enterprises and startups, interviewed
industry executives and cybersecurity experts, and evaluated the data privacy policies governing the use of IoT devices in
100 organizations.
The Security of the IoT Survey
The survey was conducted in November 2014 and covered more than 100 industry executives involved in the development
of IoT products. Survey respondents came from a range of industry segments, including Wearables, Medical Devices,
Automotive, Home Automation, Smart Metering, and Industrial Manufacturing. The survey focused on gathering opinions
on the following areas – the current levels of security in IoT products, key challenges that organizations face in securing
their IoT products, and the approach to securing IoT products.
Survey Demographics
Privacy Policy Benchmarking Assessment
We researched the IoT data privacy policies of 100 companies across the Wearables, Medical Devices, Automotive, and
Home Automation segments. We evaluated the policies based on the level of transparency that they provided to users on
the manner in which data from IoT devices was collected, used and shared with third parties.
Wearables
Medical Devices
Automotive
Home Automation
Industrial
Manufacturing
Smart Metering
Europe
USA
APAC
Region-wise Distribution of Respondents Industry-wise Distribution of Respondents
18%
19%
16%
20%
14%
13%
4%
58%
38%
1515
About the Capgemini Cybersecurity Service Line
Capgemini and Sogeti are experts in IT infrastructure and application integration. Together, we offer a complete range
of cybersecurity services to guide and secure the digital transformation of companies and administrations. Our 2,500
professional employees support you in defining and implementing your cybersecurity strategies. We protect your IT and
industrial systems, and the Internet of Things (IoT) products & systems. We have the resources to strengthen your defenses,
optimize your investments and control your risks. They include our security experts (Infrastructures, Applications, Endpoints,
Identity and Access Management), and our R&D team that specializes in malware analysis and forensics. We have ethical
hackers, five multi-tenant security operation centers (SOC) around the world, an Information Technology Security Evaluation
Facility, and we are a global leader in the field of testing.
16
1 Capgemini Consulting, “The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar Prize?”, May 2014
2 Bloomberg, “Target’s Data Breach: The Largest Retail Hack in U.S. History”, May 2014
3 ComputerWorld, “Target attack shows danger of remotely accessible HVAC systems”, February 2014
4 The Economist, “Home, hacked home: The perils of connected devices”, July 2014
5 Gartner.com, “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020”, December 2013
6 Pew Research Center, “Digital Life in 2025: Cyber Attacks Likely to Increase”, October 2014
7 Capgemini Consulting and Sogeti High Tech Interview
8 Capgemini Consulting and Sogeti High Tech Interview
9 Washington Post, “Data breach hits Target’s profits, but that’s only the tip of the iceberg”, February 2014
10 LinkedIn.com, “Berg Insight says 3.0 million patients worldwide are remotely monitored”, 2014
11 HP.com, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, July 2014
12 Forbes.com, “Zubie: This Car Safety Tool ‘Could Have Given Hackers Control Of Your Vehicle’”, July 2014
13 FTC.gov, Federal Trade Commission, “Marketer of Internet-Connected Home Security Video Cameras Settles FTC Charges It
Failed to Protect Consumers’ Privacy”, September 2013
14 CIO Today, “Internet of Things Growing Despite Privacy, Security Concerns”, December 2014
15 AliveCor.com, “AliveCor Privacy Notice”, September 2014
16 Automatic.com, “Terms of Service” (as on October 10th, 2014)
17 Fitbit.com, “Fitbit Privacy Policy”, August 2014
18 Capgemini Consulting and Sogeti High Tech Interview
19 InformationWeek Dark Reading, “Hiring Hackers To Secure The Internet Of Things”, December 2014
20 Wired.com, “The Internet of Things Is Wildly Insecure — And Often Unpatchable”, January 2014
21 Capgemini Consulting and Sogeti High Tech Interview
22 Capgemini Consulting and Sogeti High Tech Interview
23 Capgemini Consulting and Sogeti High Tech Interview
References
Rightshore®
is a trademark belonging to Capgemini
CapgeminiConsultingistheglobalstrategyandtransformation
consulting organization of the Capgemini Group, specializing
in advising and supporting enterprises in significant
transformation,frominnovativestrategytoexecutionandwith
an unstinting focus on results. With the new digital economy
creating significant disruptions and opportunities, our global
team of over 3,600 talented individuals work with leading
companiesandgovernmentstomasterDigitalTransformation,
drawing on our understanding of the digital economy and
our leadership in business transformation and organizational
change.
Find out more at: www.capgemini-consulting.com
Capgemini Consulting is the strategy and transformation consulting brand of Capgemini Group. The information contained in this document is proprietary.
© 2014 Capgemini. All rights reserved.
With more than 25 years of experience, Sogeti High Tech makes
its skills and know-how available to industry in Aeronautics
and Space, Defense, Energy, Telecoms & Media, Railway and
Life Sciences sectors. To be more responsive to market needs,
Sogeti High Tech has developed a range of expertise based
on its R&D department, High Tech Labs, a real innovations
incubator. In close partnership with its customers, Sogeti
High Tech develops and manufactures solutions with a high
added value in the areas of Internet of Things, collaborative
multi-agents systems, Big Data and cybersecurity. Subsidiary
company of Capgemini Group, Sogeti High Tech is a center
of excellence in System Engineering, Physical Engineering,
Software Engineering, Testing and Consulting services.
Learn more about us at www.sogeti-hightech.fr
Jerome Buvat
Head of Digital Transformation
Research Institute
jerome.buvat@capgemini.com
Didier Appell
Director, Sogeti High Tech
didier.appell@sogeti.com
Roopa Nambiar
Manager, Digital Transformation
Research Institute
roopa.nambiar@capgemini.com
Ashish Bisht
Senior Consultant, Digital
Transformation Research Institute
ashish.bisht@capgemini.com
Franck Greverie
Corporate Vice President and
Global Head of Cybersecurity
franck.greverie@sogeti.com
Authors
For more information contact
Capgemini Consulting
Sogeti High Tech
Digital Transformation
Research Institute
dtri.in@capgemini.com
The authors would like to acknowledge the contributions of Melle van den Berg from Capgemini Consulting Netherlands, Johan
Williamson and Karl Bjurstrom from Capgemini Consulting Sweden, Florian Knollmann from Capgemini Consulting Germany, and Erik
van Ommeren from Sogeti Group.
The authors would also like to acknowledge the numerous executives who took time out of their schedules to share their views on
security in the Internet of Things with us.
Germany/Austria/Switzerland
Guido Kamann
guido.kamann@capgemini.com
France
Cyril François
cyril.francois@capgemini.com
Netherlands
Onno Franken
onno.franken@capgemini.com
Spain
Christophe Jean Marc Mario
christophe.mario@capgemini.com
Sweden/Finland
Ulf Larson
ulf.larson@capgemini.com
United Kingdom
Richard Bowler
richard.bowler@capgemini.com
United States
Jeffrey T Hunter
jeffrey.hunter@capgemini.com
Sweden
Karl Bjurstrom
karl.bjurstrom@capgemini.com
Didier Appell
didier.appell@sogeti.com
Philippe Meleard
philippe.meleard@sogeti.com
With more than 130,000 people in over 40 countries, Capgemini is one of the world’s foremost providers of consulting, technology and
outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers
business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has
developed its own way of working, the Collaborative Business ExperienceTM
, and draws on Rightshore®
, its worldwide delivery model.
Learn more about us at www.capgemini.com
About Capgemini and the
Collaborative Business Experience

More Related Content

What's hot

AI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueAI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueCognizant
 
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalThe Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalCognizant
 
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...Capgemini
 
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Cognizant
 
Report 3 the fourth industrial revolution - things to tighten the link betwe...
Report 3  the fourth industrial revolution - things to tighten the link betwe...Report 3  the fourth industrial revolution - things to tighten the link betwe...
Report 3 the fourth industrial revolution - things to tighten the link betwe...Rick Bouter
 
Implications of Industry 4.0 for CIOs
Implications of Industry 4.0 for CIOsImplications of Industry 4.0 for CIOs
Implications of Industry 4.0 for CIOsCapgemini
 
How Insurance CIOs Can Remake Themselves to Lead Digital Transformation
How Insurance CIOs Can Remake Themselves to Lead Digital TransformationHow Insurance CIOs Can Remake Themselves to Lead Digital Transformation
How Insurance CIOs Can Remake Themselves to Lead Digital TransformationCognizant
 
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...Cognizant
 
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...Cognizant
 
Governance a central component of successful digital transformation - capg...
Governance    a central component of successful digital transformation - capg...Governance    a central component of successful digital transformation - capg...
Governance a central component of successful digital transformation - capg...Rick Bouter
 
Realising Digital’s Full Potential in the Value Chain
Realising Digital’s Full Potential in the Value ChainRealising Digital’s Full Potential in the Value Chain
Realising Digital’s Full Potential in the Value ChainCognizant
 
Cracking the Data Conundrum: How Successful Companies Make #BigData Operational
Cracking the Data Conundrum: How Successful Companies Make #BigData OperationalCracking the Data Conundrum: How Successful Companies Make #BigData Operational
Cracking the Data Conundrum: How Successful Companies Make #BigData OperationalCapgemini
 
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...Accenture Insurance
 
Intelligent Enterprise Unleashed
Intelligent Enterprise UnleashedIntelligent Enterprise Unleashed
Intelligent Enterprise Unleashedaccenture
 
WEFUSA_IndustrialInternet_Report2015
WEFUSA_IndustrialInternet_Report2015WEFUSA_IndustrialInternet_Report2015
WEFUSA_IndustrialInternet_Report2015Michael Cihra
 
Going Digital: General Electric and its Digital Transformation
Going Digital: General Electric and its Digital TransformationGoing Digital: General Electric and its Digital Transformation
Going Digital: General Electric and its Digital TransformationCapgemini
 
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...Cognizant
 
Ctrl-alt-del: Rebooting the Business Model for the Digital Age
Ctrl-alt-del: Rebooting the Business Model for the Digital AgeCtrl-alt-del: Rebooting the Business Model for the Digital Age
Ctrl-alt-del: Rebooting the Business Model for the Digital AgeCapgemini
 
Why Businesses Must Embrace Digital Transformation
Why Businesses Must Embrace Digital TransformationWhy Businesses Must Embrace Digital Transformation
Why Businesses Must Embrace Digital TransformationDiscerning Digital
 

What's hot (19)

AI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueAI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to Value
 
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalThe Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
 
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...
The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar P...
 
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
 
Report 3 the fourth industrial revolution - things to tighten the link betwe...
Report 3  the fourth industrial revolution - things to tighten the link betwe...Report 3  the fourth industrial revolution - things to tighten the link betwe...
Report 3 the fourth industrial revolution - things to tighten the link betwe...
 
Implications of Industry 4.0 for CIOs
Implications of Industry 4.0 for CIOsImplications of Industry 4.0 for CIOs
Implications of Industry 4.0 for CIOs
 
How Insurance CIOs Can Remake Themselves to Lead Digital Transformation
How Insurance CIOs Can Remake Themselves to Lead Digital TransformationHow Insurance CIOs Can Remake Themselves to Lead Digital Transformation
How Insurance CIOs Can Remake Themselves to Lead Digital Transformation
 
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
 
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
 
Governance a central component of successful digital transformation - capg...
Governance    a central component of successful digital transformation - capg...Governance    a central component of successful digital transformation - capg...
Governance a central component of successful digital transformation - capg...
 
Realising Digital’s Full Potential in the Value Chain
Realising Digital’s Full Potential in the Value ChainRealising Digital’s Full Potential in the Value Chain
Realising Digital’s Full Potential in the Value Chain
 
Cracking the Data Conundrum: How Successful Companies Make #BigData Operational
Cracking the Data Conundrum: How Successful Companies Make #BigData OperationalCracking the Data Conundrum: How Successful Companies Make #BigData Operational
Cracking the Data Conundrum: How Successful Companies Make #BigData Operational
 
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...
Future-ready Insurance Systems – An Insurer’s Guide to Optimizing Technology ...
 
Intelligent Enterprise Unleashed
Intelligent Enterprise UnleashedIntelligent Enterprise Unleashed
Intelligent Enterprise Unleashed
 
WEFUSA_IndustrialInternet_Report2015
WEFUSA_IndustrialInternet_Report2015WEFUSA_IndustrialInternet_Report2015
WEFUSA_IndustrialInternet_Report2015
 
Going Digital: General Electric and its Digital Transformation
Going Digital: General Electric and its Digital TransformationGoing Digital: General Electric and its Digital Transformation
Going Digital: General Electric and its Digital Transformation
 
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...
Catering to 'Generation Now': Making Digital Connections Intelligent, Persona...
 
Ctrl-alt-del: Rebooting the Business Model for the Digital Age
Ctrl-alt-del: Rebooting the Business Model for the Digital AgeCtrl-alt-del: Rebooting the Business Model for the Digital Age
Ctrl-alt-del: Rebooting the Business Model for the Digital Age
 
Why Businesses Must Embrace Digital Transformation
Why Businesses Must Embrace Digital TransformationWhy Businesses Must Embrace Digital Transformation
Why Businesses Must Embrace Digital Transformation
 

Viewers also liked

IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT SecurityBill Harpley
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Mauro Risonho de Paula Assumpcao
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Cyren cybersecurity of things
Cyren cybersecurity of thingsCyren cybersecurity of things
Cyren cybersecurity of thingsChristian Milde
 
Securing IoT devices
Securing IoT devicesSecuring IoT devices
Securing IoT devicesCharef Hamdi
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsSymantec
 
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTAutomatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTautomatskicorporation
 
Internet of Things Microservices
Internet of Things MicroservicesInternet of Things Microservices
Internet of Things MicroservicesCapgemini
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemMaurizio Caporali
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetNathan Wallace, PhD, PE
 
Webinar: Cybersecurity and the New Age of Hackers
Webinar: Cybersecurity and the New Age of HackersWebinar: Cybersecurity and the New Age of Hackers
Webinar: Cybersecurity and the New Age of HackersModern Healthcare
 
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)Safeguarding Patient Privacy in a Digital Age (Brian Kalis)
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)U.S. News Healthcare of Tomorrow
 
Isa Chapters Cyber is Hard presentation v1.0
Isa Chapters Cyber  is Hard presentation v1.0Isa Chapters Cyber  is Hard presentation v1.0
Isa Chapters Cyber is Hard presentation v1.0grp362
 

Viewers also liked (20)

IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructures
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT security
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security Issues
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Cyren cybersecurity of things
Cyren cybersecurity of thingsCyren cybersecurity of things
Cyren cybersecurity of things
 
Securing IoT devices
Securing IoT devicesSecuring IoT devices
Securing IoT devices
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of Things
 
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTAutomatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoT
 
Deft
DeftDeft
Deft
 
Internet of Things Microservices
Internet of Things MicroservicesInternet of Things Microservices
Internet of Things Microservices
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical System
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the Internet
 
Webinar: Cybersecurity and the New Age of Hackers
Webinar: Cybersecurity and the New Age of HackersWebinar: Cybersecurity and the New Age of Hackers
Webinar: Cybersecurity and the New Age of Hackers
 
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)Safeguarding Patient Privacy in a Digital Age (Brian Kalis)
Safeguarding Patient Privacy in a Digital Age (Brian Kalis)
 
Isa Chapters Cyber is Hard presentation v1.0
Isa Chapters Cyber  is Hard presentation v1.0Isa Chapters Cyber  is Hard presentation v1.0
Isa Chapters Cyber is Hard presentation v1.0
 

Similar to Securing the Internet of Things Opportunity: Putting Cybersecurity at the Heart of the #IoT

Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdriveaccenture
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Samir Kotarwar
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?Cognizant
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsNirmal Misra
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1pStéphane Roule
 
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...Thierry Labro
 
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Black Duck by Synopsys
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020TestingXperts
 
Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape mercatoradvisory
 
Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享m12016changTIIMP
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Ulf Mattsson
 
Middle East IoT Workshop
Middle East IoT WorkshopMiddle East IoT Workshop
Middle East IoT WorkshopHaider Iqbal
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51Felipe Prado
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...IJECEIAES
 
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Black Duck by Synopsys
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaRahul Neel Mani
 
INSECURE Magazine - 42
INSECURE Magazine - 42INSECURE Magazine - 42
INSECURE Magazine - 42Felipe Prado
 
Top 10 trends for telecom industry in 2022
Top 10 trends for telecom industry in 2022Top 10 trends for telecom industry in 2022
Top 10 trends for telecom industry in 2022ShamraizQamer
 
Global Cyber Security Overview | TechSci Research
Global Cyber Security Overview | TechSci Research Global Cyber Security Overview | TechSci Research
Global Cyber Security Overview | TechSci Research TechSci Research
 

Similar to Securing the Internet of Things Opportunity: Putting Cybersecurity at the Heart of the #IoT (20)

Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Automotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into OverdriveAutomotive Cybersecurity: Shifting into Overdrive
Automotive Cybersecurity: Shifting into Overdrive
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of Things
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p
 
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
 
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
 
Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape
 
Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享Y20151003 IoT 資訊安全_趨勢科技分享
Y20151003 IoT 資訊安全_趨勢科技分享
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
Middle East IoT Workshop
Middle East IoT WorkshopMiddle East IoT Workshop
Middle East IoT Workshop
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
 
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaGet Ahead of Cyber Security by Tiffy Issac, Partner EY India
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
 
INSECURE Magazine - 42
INSECURE Magazine - 42INSECURE Magazine - 42
INSECURE Magazine - 42
 
Top 10 trends for telecom industry in 2022
Top 10 trends for telecom industry in 2022Top 10 trends for telecom industry in 2022
Top 10 trends for telecom industry in 2022
 
Global Cyber Security Overview | TechSci Research
Global Cyber Security Overview | TechSci Research Global Cyber Security Overview | TechSci Research
Global Cyber Security Overview | TechSci Research
 

More from Capgemini

Top Healthcare Trends 2022
Top Healthcare Trends 2022Top Healthcare Trends 2022
Top Healthcare Trends 2022Capgemini
 
Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Capgemini
 
Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Capgemini
 
Top Trends in Payments 2022
Top Trends in Payments 2022Top Trends in Payments 2022
Top Trends in Payments 2022Capgemini
 
Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Capgemini
 
Retail Banking Trends book 2022
Retail Banking Trends book 2022Retail Banking Trends book 2022
Retail Banking Trends book 2022Capgemini
 
Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Capgemini
 
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですキャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですCapgemini
 
Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Capgemini
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Capgemini
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Capgemini
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Capgemini
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021Capgemini
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Capgemini
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Capgemini
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Capgemini
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Capgemini
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Capgemini
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020Capgemini
 

More from Capgemini (20)

Top Healthcare Trends 2022
Top Healthcare Trends 2022Top Healthcare Trends 2022
Top Healthcare Trends 2022
 
Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022Top P&C Insurance Trends 2022
Top P&C Insurance Trends 2022
 
Commercial Banking Trends book 2022
Commercial Banking Trends book 2022Commercial Banking Trends book 2022
Commercial Banking Trends book 2022
 
Top Trends in Payments 2022
Top Trends in Payments 2022Top Trends in Payments 2022
Top Trends in Payments 2022
 
Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022Top Trends in Wealth Management 2022
Top Trends in Wealth Management 2022
 
Retail Banking Trends book 2022
Retail Banking Trends book 2022Retail Banking Trends book 2022
Retail Banking Trends book 2022
 
Top Life Insurance Trends 2022
Top Life Insurance Trends 2022Top Life Insurance Trends 2022
Top Life Insurance Trends 2022
 
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーですキャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
キャップジェミニ、あなたの『RISE WITH SAP』のパートナーです
 
Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021Property & Casualty Insurance Top Trends 2021
Property & Casualty Insurance Top Trends 2021
 
Life Insurance Top Trends 2021
Life Insurance Top Trends 2021Life Insurance Top Trends 2021
Life Insurance Top Trends 2021
 
Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021Top Trends in Commercial Banking: 2021
Top Trends in Commercial Banking: 2021
 
Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021Top Trends in Wealth Management: 2021
Top Trends in Wealth Management: 2021
 
Top Trends in Payments: 2021
Top Trends in Payments: 2021Top Trends in Payments: 2021
Top Trends in Payments: 2021
 
Health Insurance Top Trends 2021
Health Insurance Top Trends 2021Health Insurance Top Trends 2021
Health Insurance Top Trends 2021
 
Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021Top Trends in Retail Banking: 2021
Top Trends in Retail Banking: 2021
 
Capgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous PlanningCapgemini’s Connected Autonomous Planning
Capgemini’s Connected Autonomous Planning
 
Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020Top Trends in Retail Banking: 2020
Top Trends in Retail Banking: 2020
 
Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020Top Trends in Life Insurance: 2020
Top Trends in Life Insurance: 2020
 
Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020Top Trends in Health Insurance: 2020
Top Trends in Health Insurance: 2020
 
Top Trends in Payments: 2020
Top Trends in Payments: 2020Top Trends in Payments: 2020
Top Trends in Payments: 2020
 

Recently uploaded

My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 

Recently uploaded (20)

My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Securing the Internet of Things Opportunity: Putting Cybersecurity at the Heart of the #IoT

  • 1. Securing the Internet of Things Opportunity: Putting Cybersecurity at the Heart of the IoT
  • 2. 22 Capgemini recently launched a new global service line dedicated to cybersecurity that draws expertise from key disciplines within the Group. As the security of IoT products and systems is a key focus area for Capgemini, Capgemini Consulting and Sogeti High Tech – a subsidiary of the Capgemini Group that is specialized in product engineering – launched a study to understand the implications of cybersecurity threats for the Internet of Things (IoT). This research paper presents our perspective on how organizations can prepare themselves to address these threats and secure the IoT opportunity.
  • 3. 33 The Internet of Things Opportunity Hinges on Security 71% of respondents in our survey agreed that security concerns will influence customers’ purchase decision for IoT products. While car manufacturers are currently focusing mainly on infotainment- related connectivity, in the coming years we will see many more developments in the field of car-to-car communication and remote diagnostics. But this also means that we will be more and more vulnerable to malicious attacks. - A leading car manufacturer Figure 1: Top Security Threats to IoT Products Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014 N=109 There is little arguing the transformative potential of the Internet of Things (IoT)1 . However, the IoT business opportunity rests precariously on one critical factor – security. A spate of recent hacks and breaches has revealed glaring vulnerabilities in the IoT. Consider for instance, the breach in US-based retailer Target’s payment systems in late 2013. This was the largest data hack in US retail history and resulted in the theft of 40 million credit card numbers2 . What is extraordinary about this attack is that hackers gained access to Target’s network through Internet-enabled heating, ventilation and air-conditioning systems installed in its retail stores3 . The security risks of the IoT apply equally to the world of connected consumer devices as they do to industrial systems. For instance, security researchers Chris Valasek and Mathew Solnik conducted experiments to show car makers how hackers could potentially gain access to the engine or the steering wheels of a connected car. The researchers also 50% 43% 41% 39% 28% Password attacks Identity spoofing attacks Data modification attacks Eavesdropping/traffic sniffing attacks Denial of Service attacks % of respondents showed how hackers could then wrench the wheels of the car to one side or even turn off the engines without warning4 . While these experiments required physical access to the vehicle, the possibility of a remote attack is not as far-fetched as it might seem, given the pace at which technology is advancing. As the IoT continues to grow to an estimated 26 billion devices by 20205 , Internet-enabled systems will become increasingly attractive targets for cyber attacks6 . As an executive at a leading car manufacturer told us: “While car manufacturers are currently focusing mainly on infotainment-related connectivity, in the coming years we will see many more developments in the field of car-to-car communication and remote diagnostics. But this also means that we will be more and more vulnerable to malicious attacks.7 ” To understand more about organizations’ security concerns, our global survey (see research methodology at the end of this paper) probed which exposures concerned them most (see Figure 1).
  • 4. 4 4 Hackers gained access to Target’s payment systems through Internet-enabled heating, ventilation and air-conditioning systems installed in its retail stores. Security researchers have conducted experiments to show car makers how hackers could potentially gain access to the engine or the steering wheels of a connected car. The integrity of energy consumption data is extremely important in our industry and has now become a potential business stopper. - A leading smart meter manufacturer Figure 2: Impact of Security Concerns on Customers’ Purchase Decision for IoT Products Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014 N=109 The growing risk of these attacks could undermine the IoT business opportunity. 71% of respondents in our survey agreed that security concerns will influence customers’ purchase decision for IoT products. Industrial manufacturing and smart metering firms acknowledge this to a greater degree than firms in other segments such as automotive and home automation (see Figure 2). This may not be surprising if we consider that industrial manufacturing and smart metering firms were among the earliest to embrace connectivity. The CEO of a leading smart metering firm affirmed this, saying: “The integrity of energy consumption data is extremely important in our industry and has now become a potential business stopper.8 ” 93% 86% 67% 65% 65% 59% Industrial Manufacturing Smart Metering Medical Devices Wearables Automotive Home Automation Overall: 71% Comparison by Industry Segment Traditional Firms: 74% Startups: 65% % of respondents who agree that security concerns will impact customers' purchase decision for IoT products Losses arising from cyber attacks on IoT systems can hit organizations hard. Target faced plummeting sales and saw a 46% drop in profitability as a result of the November 2013 attack. In addition, the company could potentially face a fine of $400 million to $1.1 billion if a government probe finds it guilty of not following industry-specific security standards9 . Given the massive fallout of cyber attacks, do organizations prioritize security adequately and are they prepared to address the growing risks of connectivity? Is security a core focus for organizations as they develop their IoT products? In the following pages, we examine how organizations approach security issues, assess the challenges they face in securing their IoT products, and present a blueprint to make security the cornerstone of an IoT strategy.
  • 5. 5 Figure 3: Resilience of IoT Products to Cybersecurity Attacks Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014 Note: Surveyed companies commented on the level of resilience of IoT products in general and not specifically on their own products N=109 Only 33% of executives in our survey believe that the IoT products in their industry are highly resilient to cybersecurity attacks. In 2014, an Israeli security firm showed how hackers could exploit a critical vulnerability in a popular vehicle- telematics device to send malicious updates to the device, steal data on the car’s location and performance, and even unlock doors remotely. Raising the IoT Security and Privacy Game Comparison by Industry Segment Traditional Firms: 39% Startups: 23% 50% 50% 47% 35% 18% 10% Wearables Smart Metering Industrial Manufacturing Automotive Home Automation Medical Devices Overall: 33% % of respondents who rate the IoT products in their industry high on resilience to cyber attacks Ramping Up Security Levels Despite increasing cyber attacks on IoT devices and ample warning from security experts, most organizations do not provide adequate security and privacy safeguards for their IoT products. Only 33% of executives in our survey believe that the IoT products in their industry are highly resilient to cybersecurity attacks. Among industry segments, home automation and medical device manufacturers reported the lowest levels of resilience (see Figure 3). This is particularly worrying given the expected uptake of IoT devices in these segments. For instance, the number of patients using connected medical devices is expected to grow from 3 million at the end of 2013 to over 19 million by 201810 . Research shows that existing security features in IoT products are not adequate. An HP study revealed 250 vulnerabilities in ten commonly used IoT devices, including connected TVs, webcams, thermostats, door locks and home alarms. Most products supported very weak authentication features that directly exposed them to security risks. In fact, 8 out of 10 devices failed to require a password stronger than “1234”11 . Another significant risk factor is the continued use of the default password provided by the manufacturer, which can often be easily cracked by hackers. Vulnerabilities arising from lack of encryption features are also a concern. In 2014, an Israeli security firm uncovered a critical vulnerability in a telematics device developed by Zubie – a US-based connected-car startup. The research team found that Zubie’s hardware, which tracks a car’s performance to provide drivers with instructions on improving driving efficiency, did not encrypt communications between the device and server. Researchers were able to demonstrate how hackers could exploit this weakness to send malicious updates to the device, steal data on the car’s location and performance, and even unlock doors remotely12 .
  • 6. 6 Figure 4: Data Privacy Information Provided by Organizations N = 100 Source: Capgemini Consulting and Sogeti High Tech Analysis 47% of organizations do not provide any kind of data privacy information regarding the data generated from their IoT products. Only 10% of companies allow consumers to either opt-in or opt-out of data collection and sharing. AliveCor, a startup that provides a remote cardiac health monitoring service, asks users for their explicit consent before sharing any data with a healthcare professional. The poor security features in IoT products have inevitably attracted government attention. The US Federal Trade Commission (FTC) took action against TRENDnet, a manufacturer of Internet- connected home security cameras, for allowing users’ login credentials to be transmitted unencrypted over the Internet, which resulted in hundreds of camera feeds being hacked and posted online. Among other things, the FTC barred TRENDnet from misrepresenting the security of its cameras and charged it with providing consumers with free technical support for two years to help consumers update or uninstall their cameras13 . Privacy Policies Lack Maturity Data privacy is also emerging as a major concern for consumers, which comes as no surprise. In a recent survey of US consumers, 66% of respondents expressed concerns about data privacy issues stemming from IoT products14 . However, our benchmarking assessment of organizations’ IoT data privacy policies (see research methodology at the end of this paper) reveals significant concerns. Of the 100 startups and traditional organizations that we studied, 47% do not provide any privacy related information regarding their IoT products. Even when they do, organizations rarely enable consumers to control the collection and sharing of data from their IoT devices. For instance, only 10% of companies allow consumers to either opt-in or opt-out of data collection and sharing (see Figure 4). AliveCor, a startup that provides a remote cardiac health monitoring service, is a notable exception. AliveCor asks users for their explicit consent before sharing any data with a healthcare professional. In addition, AliveCor’s privacy statement clearly informs users about how they can withdraw from sharing data if they wish to15 . Another significant omission in most privacy statements is the absence of information on how customer data is dealt with once a service is terminated. Our research revealed that only 13% of companies provide this information. However, there are some exceptions. Automatic, a startup that offers a telematics device for connected cars, informs customers that it may permanently delete customer data at its own discretion, upon termination of service16 . Fitbit, the fitness tracking device manufacturer, lets consumers know that it stops storing data once the consumer terminates a contract17 . Such information enables consumers to take a more informed decision about whether to opt for a service or not. 48% 51% 10% 13% IoT Data Privacy Policies - Type of Information Provided to Consumers Information on Types of Data Collected Information on How Data is Shared with Third Parties Information on Degree of User Control (Ability to Opt-in or Opt-out of Data Collection and Sharing) Information on How Data is Managed on Service Termination
  • 7. 7 Figure 5: The Expanded Attack Surface of an IoT System Source: Capgemini Cybersecurity Service Line Why are Organizations Lagging behind in Securing their IoT Products and Systems? A number of factors are affecting organizations’ ability to put in place rigorous security. These include an expanded attack surface, inefficiencies in the IoT product development process, the weak security architecture of the entire IoT system, lack of specialized security skill-sets, and insufficient use of third-party support. The IoT Presents an Expanded Attack Surface and Multiple Points of Vulnerability Securing an IoT system is a challenge because of its multiple points of vulnerability. These include the IoT product, and the embedded software and data residing within it. They also include the data aggregation platform, data centers used for analysis of sensor data, and communication channels (see Figure 5). Connected Objects (IoT Products) Sensors Internet Public Cloud Gateway Big Data Object Data Center Data Analysis Data Aggregation Data Acquisition Gateway Hub of sensors Hub of sensors Object Private Cloud App App Securing all of these surfaces is a major challenge for organizations (see Figure 6). As a senior executive at a leading European industrial manufacturing firm explains, it involves a wide-ranging response: “Securing an IoT system involves securing the IoT product and implementing multiple features at the system level, such as access control and account management, segregation of networks and accounts, the use of secure protocols for data transmission, and the management of firewall and antivirus updates.18 ” The security of the IoT product is a key element of the overal security of an IoT system. Figure 6 illustrates the key challenges to securing an IoT product. The focus on security can get lost if organizations rush to launch their IoT products, prioritizing speed-to-market over security.
  • 8. 8 Source: Capgemini Consulting and Sogeti High Tech, “Security in the Internet of Things Survey”, November 2014 N=109 Figure 6: Key Challenges to Securing IoT Products For Most Organizations, Security is not the Core Focus of the IoT Product Development Process Securing a product from cyber attacks is a critical element of the product development process in an IoT world. Michael Murray, the Director of GE Healthcare’s Cyber Security Consulting and Assessment division highlights this when he says, “It’s all about building these sensitive medical systems and devices with cyber security in mind, rather than as an afterthought.” Murray’s team is responsible for overseeing the development of the company’s remote patient monitoring, medical imaging and diagnosis systems right from the design phase19 . However, this focus on security can get lost if organizations rush to launch their IoT products, prioritizing speed-to-market over security. Our survey showed that only 48% of companies focus on securing their IoT products from the beginning of the product development phase. In addition, only 36% are working towards modifying their IoT development process to focus more on security from the earliest stages of product design (see “Cyber Insecurity: Why IoT Product Security Is Lagging”). Organizations have not set up Mechanisms to Remotely Patch Connected Devices Connected products need to be updated regularly for their defenses to be watertight to existing and emerging threats. If patches are not updated frequently, the risk of cybersecurity attacks increases. Despite this, our survey revealed that only 49% of organizations provide remote updates for their IoT devices (see “Cyber Insecurity: Why IoT Product Security Is Lagging”). There are many reasons for this. Since most IoT products are built using inexpensive, low-margin chips, chip manufacturers are not adequately incentivized to provide patches for them. At the same time, vendors of IoT products, unlike PC and smartphone manufacturers, may not necessarily have the technical expertise required to develop patches20 . In some cases, the issue lies in the absence of channels to deliver patches remotely, as organizations rely on users to manually download and install them. However, consumers may not be aware of updates or have the expertise to install them. 67% of respondents in our survey cited lack of awareness among consumers regarding security best practices as a major cause of security breaches. Despite this, 41% of respondents reported that they release updates online and require consumers to download and install them. Only 49% of organizations provide remote updates for their IoT devices. 60% 55% 50% 44% 39% Securing access to the end-point device Securing the communication channel Deploying security updates remotely on the end-point device Securing data stored locally in the end-point device Securing embedded software in the end-point device
  • 9. 9 35% of respondents cited the shortage of specialized security experts in their organizations as a key challenge to securing IoT products. Most Organizations are not Focusing on Acquiring Specialized Security Skills for their IoT Products Despite growing awareness about the risk of cyber attacks, most organizations are not working towards building specialized security skill-sets. Securing an IoT product requires multiple skills to cover the app, device, infrastructure and the communication channel. 35% of respondents in our survey cited the shortage of specialized security experts in their organizations as a key challenge to securing IoT products. Despite this, only 20% reported that their organizations are hiring IoT security experts in order to improve security. Companies like Tesla, however, are exceptions. Tesla hired Kirstin Baget, a hacking expert with prior experience in companies such as Apple, Google, eBay and Microsoft, to lead its vehicle security team (see Exhibit 1, “Tesla: Liaising with the Hacker Community to Develop Secure Connected Cars”). Most Organizations are Not Leveraging Third-Party Support to Accelerate the Process of Strengthening Security Few organizations are taking proactive steps to strengthen security by partnering with, or acquiring, specialized security firms. Our research revealed that only 35% of companies are partnering with specialized security firms and only 19% are acquiring specialized security firms as part of their IoT security strategy (see “Cyber Insecurity: Why IoT Product Security Is Lagging”). Exhibit 1 - Tesla:Liaising with the Hacker Community to Develop Secure Connected Cars Tesla Motors, the leading American electric car maker, makes some of the most digitally advanced cars in the world. Tesla’s cars are equipped with over-the-air software updates and provide an infotainment screen that can be used to control everything from navigation to the door locks. But this also opens up the possibility of Tesla’s cars being vulnerable to cyber attacks. Making Tesla Sit Up and Take Notice The possible consequences of cyber hacking for Tesla’s cars were brought to the fore by two instances involving Tesla’s Model S electric car. In the first, the owner of a Model S was able to hack into the car’s system and bring up a non-standard web browser on its infotainment display. In the second, participants in a Chinese security conference were able to remotely operate the car’s lights, horn and sunroof. Courting Hackers to Develop Secure Systems Tesla’s initiative to make its cars more secure against much more serious hacks started with the hiring of Kirstin Baget, a hacking expert with prior experience in companies such as Apple, Google, eBay and Microsoft, to lead its vehicle security team. Tesla also attended the Def Con, an annual security conference held in Las Vegas, in order to hire 20 to 30 hackers to develop security systems for its current and future vehicles. Tesla is also courting freelance security researchers and hackers. The company actively encourages people to report vulnerabilities, and offers factory tours in exchange. So far, 20 confirmed vulnerabilities have been exposed in this manner. Tesla adds the names of hackers who are able to successfully point out security flaws to a “Hall of Fame” list on its website. Source: Wall Street Journal, “Tesla Invites Hackers for a Spin”, August 2014; Jalopnik, “Tesla Looking To Hire Up To 30 Hackers To Prevent Pwning”, August 2014; CleanTechnica.com, “Tesla Motors Snags “Hacker Princess” From Apple”, February 2014 Only 48% of companies focus on securing their IoT products from the beginning of the product development phase.
  • 10. 10 Securing the communication channel Deploying security updates remotely on end-point devices 50% Securing access to the end-point device 60% 55% Only 48%of organizations focus on securing their IoT products from the beginning of the product development phase Only 49%of organizations provide remote updates for their IoT devices Security is not a Priority While Developing IoT Products Organizations have not set up Mechanisms to Remotely Patch Connected Devices Key Challenges to Securing IoT Products: % of respondents IoT Security is in the Slow Lane % of respondents: % of respondents: Ignoring the importance of building in-house capabilities to secure IoT products Not exploring external expertise to secure IoT products Acquiring specialized security firms – 19% Inviting third parties such as hackers to identify vulnerabilities in IoT products – 28% Hiring IoT security experts – 20% Appointing a team to look into the development of data privacy policies for IoT products – 35% Partnering with specialized security firms – 35% Increasing IoT R&D spending on security – 43% Modifying the IoT product development process to focus more on security from the earliest stages of product design – 36% Cyber Insecurity: Why IoT Product Security is Lagging An Expanded Attack Surface Increases the Challenge of Securing IoT Products
  • 11. 11 Gold-Standard Security:Making Security the Core of the IoT Value Proposition The results of the risk- analysis should feed into the IoT business plan, so that decisions on proceeding with product development and launch are based on a strong understanding of the potential risk factors. Organizations should set up an integrated team structure for IoT product development, comprising business executives as well as security specialists. A significant number of software vulnerabilities can be addressed if organizations adhere to secure coding standards and best practices. Set up an Integrated Team of Business Executives and Security Specialists The first step in securing an IoT system is to treat security as a fundamental element of the product value proposition. This means that product managers and security specialists must work together to plan the IoT product roadmap and conceptualize the defining features and functionality of the product. To achieve this, organizations should set up an integrated team structure for IoT product development, comprising business executives as well as security specialists. This will enable greater collaboration between business executives and security specialists and, in turn, help ensure that business and security considerations related to IoT product development are well-balanced. Integrate Security Best Practice with the IoT Product Development Process Product Planning Should Begin with a Detailed Risk Analysis The IoT product planning process should begin with a detailed risk analysis so that organizations have a clear view of the cyber threat landscape and a firm basis for choosing the right security features for their IoT products (see Figure 7). The analysis should include a study of disruptive attack scenarios, especially those arising from new and advanced types of threats. In addition, organizations must quantify the financial and non- financial impact of potential attacks on the organization as well as end-users. The results of the risk-analysis should feed into the IoT business plan, so that decisions on proceeding with product development and launch are based on a strong understanding of the potential risk factors. A cybersecurity expert from a leading European research organization highlighted the importance of this analysis. “The technical measures for improving security – such as authentication and cryptography – are a second level problem,” he explained. “The first level is to understand the risks. Organizations need to know what they want to protect against and then choose a solution depending on their analysis.21 ” Embed Security throughout the IoT Product Design Process This includes the design, coding, testing and evaluation:  Secured design. Security mechanisms must be defined and implemented in the hardware and software architecture, during the design phase of the product. Organizations must also pay special attention to the implementation of cryptographic mechanisms.  Secured coding. A significant number of software vulnerabilities can be addressed if organizations adhere to secure coding standards and best practices. Specific mechanisms such as code obfuscation should be implemented to prevent the reverse engineering of source code.  Rigorous testing. IoT products should be subject to stringent security testing – including application security testing, functional testing and penetration testing – for the hardware as well as software components of the IoT system.  Security evaluation. As the final step of securing their IoT products, organizations should liaise with specialized third-party security firms that have an Information Technology Security Evaluation Facility (ITSEF)a to ensure that these products go through a formal security evaluation process, such as Common Criteriab . Such an evaluation from a certified lab could in turn enable an organization to obtain an international security certificate for its IoT products. a An accredited laboratory for security evaluations b Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for the security evaluation of computer products and systems
  • 12. 12 Figure 7: Revamp the IoT Product Development Process to Comprehensively Address Security Issues Source: Capgemini Consulting and Sogeti High Tech Analysis To prevent cyber attacks, organizations must ensure that they educate consumers about the correct security procedures to be followed while using an IoT system. Security Certification Risk Analysis Secured Design Secured Coding Rigorous Testing Get IoT systems certified for compliance (ex: IT security Common Criteria) Conduct application security testing, functional testing and penetration testing for hardware and software components Follow secure coding best practices to prevent the creation of security vulnerabilities in the code Design hardware and software to be secure from the ground up Determine security goals based on an analysis of disruptive threat scenarios Educate Consumers as well as Front Line Staff in Security Best Practice Including strong security features is only one part of securing an IoT product. The security of an IoT product also depends on the manner in which it is operated. To prevent cyber attacks, organizations must ensure that they educate consumers about the correct security procedures to be followed. This includes coaching on seemingly elementary issues, such as changing passwords regularly, which still remains one of the most common causes of security breaches. A senior executive at a leading European industrial manufacturing firm affirmed this view: “There are ways to counterbalance new kinds of threats from a technical standpoint. But that is not enough. It is also absolutely critical that the right procedures are laid down to operate a system. For example, customers need to change passwords regularly and manage access control appropriately.22 ” At the same time, organizations must also train technical support staff so that they are better able to coach customers on security issues. An executive at a leading equipment manufacturer highlighted the need for such training, saying: “Our front line function, which is responsible for maintenance and spare parts, is made up of old-school technology specialists. They now need to understand the security features of our connected equipment so that they can respond to customer queries on security issues.23 ”
  • 13. 13 Privacy policies should be readily accessible to consumers and easy to understand. Address Privacy Concerns with Transparent Privacy Policies To protect consumers from potential data privacy breaches, organizations must develop privacy policies that clearly detail how data from IoT devices is collected and used. Privacy policies should be readily accessible to consumers and easy to understand. Further, guidelines for opting into a service (or opting out) should be clearly described so that consumers can make informed choices about sharing data. In a post-Snowden world, where consumers are growing increasingly concerned about data privacy issues, a transparent privacy policy can be a key differentiator for an organization, signaling its commitment to protecting the interests of consumers. While few organizations today seem to recognize security as a source of competitive advantage in the IoT world, BlackBerry is a notable exception. The smartphone manufacturer is aiming to establishitselfasaleaderintheIoTmarket, based on the platform of security (see Exhibit 2, “BlackBerry: Making Security the Foundation of an IoT Offering”). Cyber attacks are a grim reality in an increasingly connected world. However, despite mounting evidence of the potential human and material impact of such attacks, organizations have not yet trained all their guns on security threats. Building a secure IoT system begins with the recognition that security needs to be as much of a priority as the features and functionality of an IoT product. As the world economy struggles to escape from stagnation and slowing growth levels, the IoT is a massive opportunity for organizations to achieve new levels of efficiency and to develop innovative new services and products. However, like Achilles, whose strength was compromised by one telling vulnerability, organizations must act on IoT security. Organizations that recognize this imperative are the ones who will lead this new IoT revolution. Exhibit 2 - BlackBerry:Making Security the Foundation of an IoT Offering BlackBerry, the once-iconic smartphone manufacturer, is betting on IoT to script a turnaround story. A major part of BlackBerry’s transformation strategy involves leveraging its strengths in network security to become a leader in the IoT market. BlackBerry aims to achieve this by building an IoT platform that allows its customers to develop secure IoT applications. BlackBerry’s IoT platform will provide various device management features that include over- the-air software updates. It is built on the “Project Ion” initiative that BlackBerry launched in May 2014 and leverages technologies that have made BlackBerry a leader in mobile data security and embedded systems. BlackBerry plans to initially target the shipping and automotive sectors with its platform. In future, it plans to extend the platform to other industry verticals such as healthcare and energy. Project Ion:Laying the Foundation of a Secure IoT Platform BlackBerry’s Project Ion initiative comprises multiple efforts designed to promote the development of the IoT. This includes a secure application platform to gather data from across a range of devices and operating environments, and building relationships between partners, carriers and application developers. It also aims at building strategic partnerships with industry organizations such as the Industrial Internet Consortium and the Applications Developers Alliance. QNX Systems:Bringing the Expertise in Embedded Software QNX, bought by BlackBerry in 2010, is an operating system for embedded devices. QNX already powers mission-critical systems in cars, industrial applications and medical devices. It has a market share of more than 50% in the infotainment market and more than 50 million vehicles use QNX. In addition to infotainment systems, QNX also powers the “H Box” - a device used to capture and transmit secure medical data between patients, doctors and healthcare providers. Source: Financial Post, “How BlackBerry can become the Google or Twitter of the Internet of Things”, August 2014; BlackBerry Website; Forbes, “A Look At BlackBerry’s Internet of Things Strategy”, January 2015; Techcrunch, “BlackBerry Reveals Project Ion, Its QNX-Powered Effort To Underpin The Internet Of Things”, May 2014; Forbes, “A Look At BlackBerry’s Internet of Things Strategy”, January 2015
  • 14. 14 Research Methodology Capgemini Consulting and Sogeti High Tech conducted extensive research to understand the current state of security for IoT products. The research spanned two areas: the main survey concerning the security of the IoT and a benchmarking assessment of organizations’ privacy policies. We surveyed more than 100 large enterprises and startups, interviewed industry executives and cybersecurity experts, and evaluated the data privacy policies governing the use of IoT devices in 100 organizations. The Security of the IoT Survey The survey was conducted in November 2014 and covered more than 100 industry executives involved in the development of IoT products. Survey respondents came from a range of industry segments, including Wearables, Medical Devices, Automotive, Home Automation, Smart Metering, and Industrial Manufacturing. The survey focused on gathering opinions on the following areas – the current levels of security in IoT products, key challenges that organizations face in securing their IoT products, and the approach to securing IoT products. Survey Demographics Privacy Policy Benchmarking Assessment We researched the IoT data privacy policies of 100 companies across the Wearables, Medical Devices, Automotive, and Home Automation segments. We evaluated the policies based on the level of transparency that they provided to users on the manner in which data from IoT devices was collected, used and shared with third parties. Wearables Medical Devices Automotive Home Automation Industrial Manufacturing Smart Metering Europe USA APAC Region-wise Distribution of Respondents Industry-wise Distribution of Respondents 18% 19% 16% 20% 14% 13% 4% 58% 38%
  • 15. 1515 About the Capgemini Cybersecurity Service Line Capgemini and Sogeti are experts in IT infrastructure and application integration. Together, we offer a complete range of cybersecurity services to guide and secure the digital transformation of companies and administrations. Our 2,500 professional employees support you in defining and implementing your cybersecurity strategies. We protect your IT and industrial systems, and the Internet of Things (IoT) products & systems. We have the resources to strengthen your defenses, optimize your investments and control your risks. They include our security experts (Infrastructures, Applications, Endpoints, Identity and Access Management), and our R&D team that specializes in malware analysis and forensics. We have ethical hackers, five multi-tenant security operation centers (SOC) around the world, an Information Technology Security Evaluation Facility, and we are a global leader in the field of testing.
  • 16. 16 1 Capgemini Consulting, “The Internet of Things: Are Organizations Ready For A Multi-Trillion Dollar Prize?”, May 2014 2 Bloomberg, “Target’s Data Breach: The Largest Retail Hack in U.S. History”, May 2014 3 ComputerWorld, “Target attack shows danger of remotely accessible HVAC systems”, February 2014 4 The Economist, “Home, hacked home: The perils of connected devices”, July 2014 5 Gartner.com, “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020”, December 2013 6 Pew Research Center, “Digital Life in 2025: Cyber Attacks Likely to Increase”, October 2014 7 Capgemini Consulting and Sogeti High Tech Interview 8 Capgemini Consulting and Sogeti High Tech Interview 9 Washington Post, “Data breach hits Target’s profits, but that’s only the tip of the iceberg”, February 2014 10 LinkedIn.com, “Berg Insight says 3.0 million patients worldwide are remotely monitored”, 2014 11 HP.com, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, July 2014 12 Forbes.com, “Zubie: This Car Safety Tool ‘Could Have Given Hackers Control Of Your Vehicle’”, July 2014 13 FTC.gov, Federal Trade Commission, “Marketer of Internet-Connected Home Security Video Cameras Settles FTC Charges It Failed to Protect Consumers’ Privacy”, September 2013 14 CIO Today, “Internet of Things Growing Despite Privacy, Security Concerns”, December 2014 15 AliveCor.com, “AliveCor Privacy Notice”, September 2014 16 Automatic.com, “Terms of Service” (as on October 10th, 2014) 17 Fitbit.com, “Fitbit Privacy Policy”, August 2014 18 Capgemini Consulting and Sogeti High Tech Interview 19 InformationWeek Dark Reading, “Hiring Hackers To Secure The Internet Of Things”, December 2014 20 Wired.com, “The Internet of Things Is Wildly Insecure — And Often Unpatchable”, January 2014 21 Capgemini Consulting and Sogeti High Tech Interview 22 Capgemini Consulting and Sogeti High Tech Interview 23 Capgemini Consulting and Sogeti High Tech Interview References
  • 17. Rightshore® is a trademark belonging to Capgemini CapgeminiConsultingistheglobalstrategyandtransformation consulting organization of the Capgemini Group, specializing in advising and supporting enterprises in significant transformation,frominnovativestrategytoexecutionandwith an unstinting focus on results. With the new digital economy creating significant disruptions and opportunities, our global team of over 3,600 talented individuals work with leading companiesandgovernmentstomasterDigitalTransformation, drawing on our understanding of the digital economy and our leadership in business transformation and organizational change. Find out more at: www.capgemini-consulting.com Capgemini Consulting is the strategy and transformation consulting brand of Capgemini Group. The information contained in this document is proprietary. © 2014 Capgemini. All rights reserved. With more than 25 years of experience, Sogeti High Tech makes its skills and know-how available to industry in Aeronautics and Space, Defense, Energy, Telecoms & Media, Railway and Life Sciences sectors. To be more responsive to market needs, Sogeti High Tech has developed a range of expertise based on its R&D department, High Tech Labs, a real innovations incubator. In close partnership with its customers, Sogeti High Tech develops and manufactures solutions with a high added value in the areas of Internet of Things, collaborative multi-agents systems, Big Data and cybersecurity. Subsidiary company of Capgemini Group, Sogeti High Tech is a center of excellence in System Engineering, Physical Engineering, Software Engineering, Testing and Consulting services. Learn more about us at www.sogeti-hightech.fr Jerome Buvat Head of Digital Transformation Research Institute jerome.buvat@capgemini.com Didier Appell Director, Sogeti High Tech didier.appell@sogeti.com Roopa Nambiar Manager, Digital Transformation Research Institute roopa.nambiar@capgemini.com Ashish Bisht Senior Consultant, Digital Transformation Research Institute ashish.bisht@capgemini.com Franck Greverie Corporate Vice President and Global Head of Cybersecurity franck.greverie@sogeti.com Authors For more information contact Capgemini Consulting Sogeti High Tech Digital Transformation Research Institute dtri.in@capgemini.com The authors would like to acknowledge the contributions of Melle van den Berg from Capgemini Consulting Netherlands, Johan Williamson and Karl Bjurstrom from Capgemini Consulting Sweden, Florian Knollmann from Capgemini Consulting Germany, and Erik van Ommeren from Sogeti Group. The authors would also like to acknowledge the numerous executives who took time out of their schedules to share their views on security in the Internet of Things with us. Germany/Austria/Switzerland Guido Kamann guido.kamann@capgemini.com France Cyril François cyril.francois@capgemini.com Netherlands Onno Franken onno.franken@capgemini.com Spain Christophe Jean Marc Mario christophe.mario@capgemini.com Sweden/Finland Ulf Larson ulf.larson@capgemini.com United Kingdom Richard Bowler richard.bowler@capgemini.com United States Jeffrey T Hunter jeffrey.hunter@capgemini.com Sweden Karl Bjurstrom karl.bjurstrom@capgemini.com Didier Appell didier.appell@sogeti.com Philippe Meleard philippe.meleard@sogeti.com With more than 130,000 people in over 40 countries, Capgemini is one of the world’s foremost providers of consulting, technology and outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business ExperienceTM , and draws on Rightshore® , its worldwide delivery model. Learn more about us at www.capgemini.com About Capgemini and the Collaborative Business Experience