IoT – threats and opportunities brought to the organizations
Thieu Nguyen Bao Chau – baochau.thieunguyen@gmail.com
We live in a world of wearable technologies: fitness trackers, heart monitors,
insulin pumps, and other “smart” devices. This world exists primarily in the cloud, and also
includes engine sensors, diagnostic controls and even ingestible medical devices. IoT (Internet
of Things) is the term used to describe the online exchange of data gathered from uniquely
identifiable objects, animals and people, without human-to-human or human-to-computer
interaction.

The IoT revolution delivers both positive and negative value to business at the same time.
Business value and organizational competitiveness can be derived from transformational
operating models, as enterprises capitalize on these new capabilities to gain more
and better business value from IoT devices. The emergence of Internet of Things technologies is
projected to become a key enabler of business success. However, there is a great deal of hype
surrounding IoT, and it is difficult to distinguish fact from future. Companies are deploying IoT
solutions that drive benefits in enhanced customer service, continuously increasing revenues,
improved supply chain management and better use of assets. The emergence of new IoT
technologies is also driving new business models with high return on investment.

The entire set of choices must reinforce one another and define a coherent and distinctive
overall strategic position for the company. Options for control points also expand through the
IoT. Monitoring, control, and optimization capabilities combine to allow smart, interconnected
products to achieve a previously unattainable level of autonomy. Customers can become “locked in”
due to easy personalization and the context gained through the vast amount of information received
over time, and network effects scale as more products join a platform. Equally important, firms’
efforts to develop their core capabilities shift focus toward growing partnerships rather than
always building internal capabilities, so that understanding how others in the ecosystem make
money becomes important to long-term success.

This opportunity to drive rapid innovation and economic growth, and with it a return to
prosperity, comes none too soon. The past decade has witnessed internal cost
reduction, cautious investment, greater corporate profitability, rising M&A, and muted innovation
across large parts of the economy.

With that additional value comes additional risk, or at least new avenues of risk.
Management and internal auditors need to fully acknowledge that although IoT may bring
many rewards, it also gives rise to numerous risks. Inadequate understanding or unawareness of
the risk environment or the necessary controls can lead to disaster for the whole
organization. Moreover, given the rapid development and advancement of IoT, the associated risks
and controls are changing and evolving rapidly. Devices with "always
connected" status readily enable new types of attacks that have not been seen in the past;
they also represent a new set of targets for potential data exposure and crime. It is imperative that
assurance, security and governance professionals take notice of IoT trends, because they will
eventually challenge internal control and risk professionals to redefine the risk equation within
many enterprises.

Internal auditors need to stay abreast of IoT developments and
advancements to be able to assess the risks and controls in their organization. Internal auditors
should evaluate the operational and financial risks that IoT can expose their organizations to and
provide assurance that those risks are controlled appropriately. Internal audit, now functioning
as the third line of defense and tasked with scanning the horizon to ensure that emerging risks are
known and accounted for in strategic plans and control frameworks, must now consider both the
industry implications and the specific organizational challenges.

1. SECURITY: given the reach and complexity of business models, organizations cannot
secure everything they hold equally. They can pay more attention to
risk-sensitive assets during their mission or daily work.
2. RESILIENCE: resilience may begin with a more solid picture of what the company needs to
defend against; specific business risks are often encountered in its risk management
exercises. Continuous and challenging in-house training may help strengthen
threat awareness throughout the organization.
3. MONITORING: controls should be in place to monitor whether IoT systems are functioning as
intended. Internal auditors should assess whether adequate monitoring controls are in
place and whether such controls have been operating effectively over time. In
addition, internal auditors should assess whether exceptions and failures that occur are
captured and tracked appropriately and whether resolutions to incidents are recorded in a
timely manner. Auditors should also assess whether management has a robust internal control
process that takes recurring incidents into account and analyzes their root causes. Each
connected device is one more opportunity for unauthorized network access. In addition, most
bring-your-own-device (BYOD) policies focus on cellphones and do not even consider
wearable tech.
4. SCOPE OF IoT: many smart and simple connected devices are easily deployed
without the IT team’s setup or intervention. Auditors should vigilantly identify where and
when IoT systems are deployed by different departments or people within the organization
and prioritize IoT system audits according to their criticality and sensitivity.

Companies that want to succeed in the IoT marketplace need to create data policies and
accurately communicate them to customers. Data privacy concerns, as well as stringent privacy laws
in the U.S. and EU, are likely to shape and reshape corporate policies and procedures. Thus, in
order to achieve successful auditing, all infrastructure components need to generate audit records
documenting the success or failure of events such as system/device configuration changes, logins,
and authentication of signed or encrypted requests. Infrastructure systems and components are
required to transmit all audit records and logs to a dedicated log management system, without
compromising overall system performance.
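
One way an auditor could test the audit-record requirement above together with the SCOPE OF IoT point is sketched below. It is an added example, not part of the original document; the device IDs, field names, event category names and all sample data are constructed assumptions.

```python
from collections import defaultdict

# Event categories named in the text: configuration changes, logins,
# and authentication of signed or encrypted requests (names are assumptions).
REQUIRED_EVENTS = {"config_change", "login", "request_auth"}
VALID_OUTCOMES = {"success", "failure"}

# Constructed device inventory with an audit-priority score (5 = most critical).
INVENTORY = {
    "hvac-01": {"criticality": 3},
    "badge-07": {"criticality": 5},
    "cam-12": {"criticality": 4},
}

# Constructed records as they might arrive at the log management system.
AUDIT_RECORDS = [
    {"device": "hvac-01", "event": "login", "outcome": "success"},
    {"device": "hvac-01", "event": "config_change", "outcome": "success"},
    {"device": "hvac-01", "event": "request_auth", "outcome": "failure"},
    {"device": "badge-07", "event": "login", "outcome": "failure"},
    {"device": "badge-07", "event": "login", "outcome": "success"},
    {"device": "cam-12", "event": "login"},  # no outcome recorded
    {"device": "fitband-99", "event": "login", "outcome": "success"},
]


def audit_coverage(inventory, records, required=REQUIRED_EVENTS):
    """Compare received audit records against the device inventory.

    Returns:
      gaps      - inventoried devices and the required event types they never logged
      unmanaged - devices that log but are not in the inventory (deployed without IT)
      malformed - indexes of records that do not state success or failure
      priority  - devices with gaps, most critical first
    """
    seen = defaultdict(set)
    malformed = []
    for index, rec in enumerate(records):
        device = rec.get("device")
        event = rec.get("event")
        # A record that does not document success or failure cannot serve
        # as audit evidence, so it is reported and not counted as coverage.
        if not device or not event or rec.get("outcome") not in VALID_OUTCOMES:
            malformed.append(index)
            continue
        seen[device].add(event)

    gaps = {}
    for device in inventory:
        missing = sorted(required - seen.get(device, set()))
        if missing:
            gaps[device] = missing

    unmanaged = sorted(set(seen) - set(inventory))
    priority = sorted(gaps, key=lambda d: (-inventory[d]["criticality"], d))
    return {"gaps": gaps, "unmanaged": unmanaged,
            "malformed": malformed, "priority": priority}


if __name__ == "__main__":
    report = audit_coverage(INVENTORY, AUDIT_RECORDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```
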

Real-time monitoring data on product condition, together with product control capability, enables
firms to optimize service by performing preventative maintenance when failure is imminent and
accomplishing resolutions remotely. This should also reduce product
downtime and the need to dispatch repair personnel. After a malfunctioning
interconnected device is assessed, the machine is repaired remotely if possible, or the
company deploys technicians who have been given a detailed diagnosis of the problem and a
recommended repair process, so as to quickly enhance product/service features.

The era of smart, interconnected products can change current business models
forever, provided that companies embrace the opportunities more aggressively. Business and
government together will need to equip their staff across all units and departments with risk
awareness, and to require ongoing review procedures that set heightened standards and more
integrated processes, so as to protect business value and achieve their own objectives.
