The Internet of Things (IoT) is a rapidly evolving and fascinating topic, with value for security awareness and training purposes. IoT presents a heady mix of risks and opportunities, with substantial commercial, safety, privacy and information security challenges ahead, and sociological implications for good measure.
As commonly understood, things are mostly small, inexpensive, low-powered, wireless “smart” devices, electronic gizmos with processing and networking capabilities, sensors and sometimes actuators. Many are discreetly tucked away behind the scenes, quietly doing whatever they do with no screen or keyboard and barely an LED to reveal their presence. Smart watches, fitness trackers, glasses and other wearables are obvious, whereas medical monitors and home-detention tags are usually hidden. Smart door locks, thermostats, air conditioners and garage doors are further examples of today’s first-generation things. Meanwhile industrial things are quietly making inroads into our factories, warehouses, shops and offices, a semi-autonomous electronic army presenting big opportunities … and risks. Hackers and worms are already discovering and exploiting IoT security vulnerabilities.
The module is intended to:
- Introduce IoT, providing general background information as context for the awareness materials;
- Describe (in generic terms) the information risks and the business opportunities typically associated with or arising from IoT;
- Describe the corresponding information security controls and other risk treatment options (not least, avoidance);
- Catch workers’ imaginations, opening their eyes to both the possibilities and the concerns;
- Influence decision making, behaviors, etc.
Think about your learning objectives in relation to IoT security. Is it pertinent to your organization, its products and markets? Are things being used on the shop floor, in distribution centers or in warehouses? Is anyone actively researching, developing and selling things in your organization? Are Facilities Management using smart thermostats/HVAC controllers, door locks and so forth? Are your vendors and business partners heavily into IoT? Are employees in particular business units, sites or departments experimenting with wearables, whether for work purposes or simply because they love shiny toys? These are all good reasons to spread awareness beyond the IT Department and traditional IT users, and they are potential sources of relevant anecdotes, case study materials, perhaps even guest speakers for your awareness and training sessions.
IoT security awareness
An awareness and training module on the rapidly evolving information risk and security aspects of IoT, the Internet of Things.