To help do that, the AT&T report identifies six principles business leaders should adopt to protect their companies and their customers from IoT cyberattacks.
Adopt a risk-driven approach. Identify your most critical assets or highest risks — which in IoT may extend beyond data to physical impacts – and then apply security controls that are commensurate with each level of risk.
Look beyond IoT device security. It's important to secure not just device-based data and operations, but also the many levels and types of communications networks and applications that support IoT solutions.
Don't reinvent the wheel. Existing security controls and procedures may be sufficient for many IoT deployments, but be mindful of unique IoT devices, applications and increased scale that require new controls and protections.
Address the entire IoT ecosystem and know your supply chain. Evaluate the security capabilities and responsibilities of your IoT product and service providers, as well as those of your business partners.
Automate security where possible. Given the massive increase in connected endpoints and the data volumes they can generate, IoT deployments are driving the need for increased automation in data monitoring, threat identification, and other facets of security.
Involve your board. Communicating often with your board of directors will see to it that corporate leaders clearly understand both the opportunities and risks of IoT deployments.