The biggest concern, Henry says, is that the users of IoT devices will not regard the security of the devices they are connecting as being of great concern. "The issue is that the bandwidth of a compromised device can be used to attack a third party," he says. "Imagine a botnet of 100,000,000 IoT devices all making legitimate Web site requests on your corporate Web site at the same time."
Experts say the IoT will likely create unique and in some cases complex security challenges for organizations.
"As machines become autonomous they are able to interact with other machines and make decisions which impact upon the physical world," Rose says. "We have seen problems with automatic trading software, which can get trapped in a loop causing market drops. The systems may have failsafes built in, but these are coded by humans who are fallible, especially when they are writing code that works at the speed [and] frequency that computer programs can operate."
Security threats of the IoT can also result in widespread problems that can have an impact on a lot of people, Rose says.
"If the security of a current system fails we may see a few hundred credit card details get stolen, or a politician embarrassed—but these are not great problems," Rose says. "Imagine instead if a power system were hacked and they turned off the lights in an area of the city. No big deal perhaps for many, but for the thousands of people in the subway stations hundreds of feet underground in pitch darkness, the difference is massive. IoT allows the virtual world to interact with the physical world and that brings big safety issues."
The IoT will bring with it three "massive" security issues, says Ted Demopoulos, founder of security consulting firm Demopoulos Associates in Durham, N.H. These include a loss of privacy, a comingling of personal and company data, and discovery.
The loss of privacy will come from the ability to track the whereabouts of individuals, as well as what items they are buying or whether they are away from home. "Most of us carry cellphones 24/7 that are connecting to cell phone towers, and the data exists to track our movements today," Demopoulos says.
"Something as simple as smart electricity meters can potentially be used to tell if we are home or gone for a while, based on the volume of electricity usage, whether we are night owls or early birds and more," Demopoulos says.
As for the comingling of personal and company data, it's the same challenge that many organizations are already facing with the increased use of mobile technology in the workplace and the bring-your-own-device (BYOD) trend.
Sign up for Computerworld eNewsletters.