Internet of Things: Security

Many people are familiar with the talkative Internet of Things (IoT) devices that, by giving an order, you can have virtually anything shipped to you. B2B eCommerce already has devices that can self-order consumables for your printer.  The auto industry is also in the IoT commerce space with cars that can self-order replacement tires.

Currently, there are more than 20 billion IoT devices in existence today.  That staggering number of devices represents huge opportunities for eCommerce and the rest of the digital industry.  IoT and headless commerce is the next step on the path to unified commerce.  Poorly introducing IoT into your headless commerce plans could come a cost.

IOT SECURITY: HOW IT WORKS

From the context of eCommerce, when prompted, IoT devices act independently to communicate with a server and API to make a secure purchase transaction. Really, this isn’t much different than clicking “checkout” when shopping online, right?

So, you may think that IoT is secure given that we have decades of experience in purchasing products online.  This is the false sense of security that is making IoT so attractive to hackers.

IoT is often exploited at the device itself.  You may remember the news story about the Jeep that was shut down on the highway.  This sort of attack is at the device itself not the centralized location.  Hacking a consumer device is a topic that is constantly in the news and those reports will grow as IoT grows.

While we have not seen a specific eCommerce attack, the risk exists.  Hackers could place various orders from multiple IoT devices to a website causing a unique attack that could cost a company millions of dollars in fraudulent orders.

Much like a DDOS attack has many computers attacking a website, a similar style attack could submit orders from many consumers.  It could be days before it is noticed that product is shipping and customers are being charged.

It’s not just the cost of goods impacted. Businesses will spend time dealing with the issue attempting to recover product, backing out orders, etc.  Shipping costs alone could make smaller companies go out of business.  Other hacks could disable devices altogether causing impacts to revenue.

Businesses need to be cognizant of the issue and prepare upfront.  Here are some things to consider when implementing your IoT and headless commerce implementations.

• How am I incorporating security during the design phase?
• What is my strategy to update devices if a vulnerability is discovered?
• What are my security practices overall, and how can I apply them to IoT devices?
• What is my risk management strategy, and how might these security measures impact my business?
• How do I make IoT transparent in my implementation?

Addressing security upfront won’t eliminate risk, but it will help mitigate it.  You will also have an established process and procedure for when the inevitable happens. IoT and headless commerce are growing and it’s critical your security grow with it.