×

Most companies aren't prepared for a hack attack

The Internet of Things is changing the world around us. It's advancing the future of business and bringing new capabilities and efficiencies to companies to help them stay competitive. It's disrupting industries, from health care to hotels to hair salons.

Catch Ralph de la Vega today on CNBC's "Squawk Alley" on Monday Feb. 22 at 11:15am ET.

Cyber security
weerapatkiatdumrong | Getty Images

The impact of IoT is being likened to a new industrial revolution. But, with its great potential comes new opportunities for cybercriminals.

A single cyberattack can inflict millions of dollars in damage. These threats are unfortunately inherent to IoT technology, which is reshaping almost every element of modern life, from driving our cars to taking medication and adjusting the thermostat. In just the past two years, AT&T observed an astonishing 458 percent increase in vulnerability scans of IoT devices, according to AT&T's second Cybersecurity Insights Report, this one on Exploring IoT Security.


Unlike data and privacy breaches, which threaten to compromise medical records and credit-card information, the security risks to IoT devices could have far greater consequences — for example putting patients, automobile drivers and others at risk. According to the AT&T report, the threat is likely to increase as the number of connected devices swells to an estimated 50 billion devices by 2020.

There are clear signs, however, that businesses aren't yet effectively addressing IoT security.

According to the report, less than half of respondents (47 percent) say their organizations analyze connected device security logs and alerts more than once a day — a pace that will need to quicken as the risk profile rises. Only 14 percent of companies have instituted a formal audit process to help understand whether their devices are secure and how many devices they have, and just 17 percent involve their boards in decision-making around IoT security.

Perhaps most startling, among health care/life sciences professionals, just 30 percent of respondents are analyzing the logs and alerts of connected devices in real time, even though 64 percent say they are confident or extremely confident in their IoT cybersecurity defenses.

What more can be done?

The good news is that efforts are underway to create standards for securing IoT devices that will help make them safer from cyberattacks. To help businesses address the urgent need for IoT security, we recently announced plans to work with Bayshore Networks to explore innovation in virtualized security protections and capabilities for IoT customers.

While Bayshore has been a leader in developing industrial IoT security solutions, most other efforts are still largely in their early stages, making it all the more imperative that business leaders find ways to maximize the tremendous benefits IoT technology can provide to their customers and their workforce while minimizing the risks it presents.

To help do that, the AT&T report identifies six principles business leaders should adopt to protect their companies and their customers from IoT cyberattacks.

Adopt a risk-driven approach. Identify your most critical assets or highest risks — which in IoT may extend beyond data to physical impacts – and then apply security controls that are commensurate with each level of risk.

Look beyond IoT device security. It's important to secure not just device-based data and operations, but also the many levels and types of communications networks and applications that support IoT solutions.

Don't reinvent the wheel. Existing security controls and procedures may be sufficient for many IoT deployments, but be mindful of unique IoT devices, applications and increased scale that require new controls and protections.

Address the entire IoT ecosystem and know your supply chain. Evaluate the security capabilities and responsibilities of your IoT product and service providers, as well as those of your business partners.

Automate security where possible. Given the massive increase in connected endpoints and the data volumes they can generate, IoT deployments are driving the need for increased automation in data monitoring, threat identification, and other facets of security.

Involve your board. Communicating often with your board of directors will see to it that corporate leaders clearly understand both the opportunities and risks of IoT deployments.


The Internet of Things has the potential to reshape the way we work, live and communicate. But with this great promise comes great responsibility to provide products and services that are highly secure.

Commentary by Ralph de la Vega, the vice chairman of AT&T and CEO of AT&T Business Solutions & AT&T International.