Last fall’s widespread internet outage caused by a massive attack during which hackers hijacked hundreds of thousands of personal connected devices might have brought down the web, but it didn’t come as a surprise to security experts. In fact, they’d long warned of the rising threats to security and business continuity in the “Internet of Things” (“IoT”) era. Still, it took the crippling assault to bring this critical issue to the surface.
While faith organizations may not immediately come to mind when we think of the IoT, the reality is that they too are increasingly interconnected — and are therefore not exempt from potential cybersecurity issues. Here’s a closer look at IoT, along with why it necessitates heightened levels of cybersecurity vigilance for today’s churches, nonprofits, businesses and other organizations.
While the term “internet of things” may sound enigmatic, it’s a surprising straightforward concept. The Internet of Things Global Standards Initiative defines it as “ a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.”
Forbes breaks it down even further: “Simply put, this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of…The IoT is a giant network of connected “things” (which also includes people). The relationship will be between people-people, people-things, and things-things.”
Churches and IoT
Certainly, churches derive benefits from operating in the IoT era. Says DesignerPub, “The BYOD trend means that it isn’t just the technology that is changing. The culture of the people who use the technology has changed. Assistive listening is now an app. Conference rooms are now run via iPad. Did you know that with the right infrastructure you can use an iPhone as a microphone on the main loudspeaker system? It isn’t just the Internet of the Church’s Things that is changing the design; it is the Internet of EVERYTHING—including the worshippers.”
While these developments can certainly improve the way people worship and may even bring more people through the doors — physical or figurative — of your church, there’s a lesser-known downside: The increased risk of cyber-security breaches. Church computers, networks and financial systems are all targets for internet predators searching for easy prey.
In fact, according to data aggregated by Hackmageddon, roughly 3.4 percent of the 40,000 daily hacks which occur are against religious organizations. The takeaway? No matter how unlikely it seems or how secure you may feel, your ministry cannot afford to be complacent when it comes to cybersecurity.
The Future of IoT
Not only that, but we’re only at the very beginning when it comes to what IoT has to offer. In fact, according to data from Cisco, 500 billion devices are expected to be connected to the internet by the year 2030 — each of them exponentially improving our collective ability to “aggregate, analyze, and deliver insight, which helps drive more informed decisions and actions.”
Echoes Forbes, “The reality is that the IoT allows for virtually endless opportunities and connections to take place, many of which we can’t even think of or fully understand the impact of today.”
However, as we discover more ways to connect and engineer more devices through which to do so, we’re also creating more opportunities for cybercriminals looking to penetrate our pews.
The IoT and Security and Privacy
According to a recent Hewlett Packard (HP) study, a full 70 percent of the most commonly used IoT devices contain serious vulnerabilities. Even more alarmingly? Of the devices tested, an average of 25 vulnerabilities was found for each across a broad range of measures, including privacy concerns, insufficient authorization, lack of transport encryption, insecure web interface, and inadequate software protection.
The Wall Street Journal recently set forth a set of best practices for consumers aimed at stepping up their smart-home security and personal devices. However, this problem is far from isolated to the consumer side. In giving hackers backdoor access to all of these billions of connected devices, IoT also grants access to the massive amount of data contained within the networks of organizations, including churches.
Compounding the situation are a number of related factors which escalate the threat, including the speed of change in today’s fast-moving business world; the interconnectedness of devices and networks; more open infrastructure; cloud computing; application vulnerabilities; the growth of mobile and, specifically, BYOD; bandwidth consumption; governance and compliance; privacy and data protection; and breach preparedness, including investigation and notification.
Safeguarding Your Church in the IoT
The mandate for contemporary organizations, according to Datafloq? “Security needs to be built in as the foundation of IoT systems, with rigorous validity checks, authentication, data verification, and all the data needs to be encrypted. At the application level, software development organizations need to be better at writing code that is stable, resilient and trustworthy, with better code development standards, training, threat analysis and testing. As systems interact with each other, it’s essential to have an agreed interoperability standard, which safe and valid. Without a solid bottom-top structure we will create more threats with every device added to the IoT.”
Failure to prioritize cybersecurity, meanwhile, can be costly: According to AT&T’s recent Cybersecurity Insight’s The CEO’s Guide to Data Security, cybercrime damages will skyrocket to $6 trillion annually by the year 2021.
Luckily, there are some things your church can do to minimize risk in the increasingly dynamic IoT landscape, including the following four priorities as delineated by AT&T:
- Identity and access management
Establishing and implementing access policies for applications, devices, and people
- Threat analytics
Automating processes for identifying and responding to unusual activity
Improving flexibility and consistency through softwareâ€‘defined security
- Incident response
Instituting a plan which outlines roles and actions in the event that a breach occurs
This also means reframing your faith organization’s attitude toward investing in cybersecurity. According to multinational professional services firm EY’s report, Cybersecurity and the Internet of Things: Insights on Governance, Risk and Compliance, “Security is usually positioned as an obligatory cost — a cost to pay to be compliant, or a cost to pay to reduce risk. But moving to a model of security as risk and trust management implies looking upon security as a business enabler; for example, managing consumer data access leverages the monetary value of the data instead of focusing on the protection of the data itself. In fact, this transformation means enabling the development of even more extended networks of networks, of more and new forms of collaboration and mobility, and of new business models.”
The underlying principles absolutely apply to faith communities, as well. Rather than thinking of cybersecurity as an expense or hassle, think of it as an investment in the well-being of your church and its constituents.
Which begs the question: Where does your ministry stand when it comes to IoT and cyber security preparedness? Contact One Call Now to find out how our innovative communication solutions can help your church proactively prepare for cybersecurity threats in the age of IoT.