Wearables, the Internet of Things (IoT) and augmented reality (AR) are already modernizing field service and promise to change it in ways we have yet to imagine. But as is true with every type of technology, these latest innovations introduce new threat conduits and security risks. Here is what field service organizations need to understand about the possible ramifications and what they can do to shore up their defenses.
More Doors Open to Hackers
The increase in connected devices and growing volume of data being collected and transferred via a largely cloud-based IT footprint, paves the way for even more vulnerabilities. Simply put, hackers and cyber criminals now have access to more entry points to data centers and infrastructure than ever before. Plus, because IoT relies on thousands and even millions of distributed devices and sensors, an exposed vulnerability in one can affect thousands or millions of other connected devices.
Whether they are seeking to wreak havoc on critical infrastructure and toy with businesses for political, monetary, or egotistical purposes, those with malicious intent can do so more readily. In fact, of the more than 5,000 enterprises surveyed as part of AT&T's Cybersecurity Insights Report, only 10% feel confident that they could secure IoT devices against hackers.
Plus, all the data being generated by all these connected devices can be exposed if not properly protected. That means sensitive customer information and proprietary business data could be accessed by those other than authorized users. Such access could be exploited for nefarious purposes.
How Hackers Can Impact Field Service
In 2016, a cyber attack took down a power grid in Ukraine. Now consider the potential damage if a hacker intercepted the communications channel relaying instructions to a technician wearing AR goggles to perform a repair on critical infrastructure. The hacker could change the instructions to misguide the repair, leaving a water main or electric grid exposed in a way that leads to widespread service malfunction, interruption, or worse.
Imagine an autonomous vehicle being hacked and sent to a location where it could be hijacked. Or picture a fleet technician driving a vehicle with an AR-enabled windshield. The hacker could access and manipulate the data feed to the windshield so that the instructions completely obscure the technician’s field of vision, causing a crash. A similar scenario could happen to a technician wearing AR googles while making a repair in dangerous conditions. Essentially, hackers can use these next-generation technologies to perpetuate attacks that impact a technician’s physical space.
Follow IT Security Best Practices
While the types of attacks may be new, the IT security essentials remain the same when it comes to shoring up infrastructure and protecting data. To that end, field service organizations should embrace a defense in depth approach complemented by new policies and controls to manage wearables and connected devices.
- Practice defense in depth. This IT security strategy has been dubbed by telecommunications security professionals, “a layered approach” because it addresses each layer of a company’s network. At its simplest, it’s about securing devices, applications on devices, and the connections between devices and the network. This includes being able to monitor for, detect, and remediate different types of attacks and malware.
- Isolate devices from the network. Whenever possible, field service organizations should isolate wearables and IoT devices to limit network impact should one become compromised.
- Encrypt data. By encrypting data at rest and in transit, field service organizations make it harder to be read by hackers.
- Create WYOD policies. According to a report by IDC Research, security for wearables will become a “top five” issue for CIOs by the end of 2017. Yet only 8% of companies will have developed a Wear Your Own Device (WYOD) policy. Just as companies have developed Bring Your Own Device (BYOD) security policies and procedures related to personal devices, they should put in place new controls and processes to manage wearables and connected devices.
- Educate employees. Field service technicians, engineers and dispatchers could unknowingly create a security vulnerability (such as leaving a wearable containing valuable information unattended). By educating their employees on potential security risks, field service organizations reduce the likelihood of experiencing a threat due to the unknowing actions of an employee with good intentions.
- Prepare for security breaches. Even the most highly funded and resource-intensive security measures cannot prevent all security attacks. After all, new threat vectors and vulnerabilities are continually being discovered and exploited. Smart organizations prepare for the worst by devising a plan of action if a breach would occur.
Keep your field service organization one step ahead of trends and threats by subscribing to Field Service Matters.