Traditionally, enterprise IT risk assessments are tedious, high-effort exercises that follow a strict framework such as NIST, ISO, COBIT, or a related standard. The assessments are typically performed by cybersecurity, financial, and health and safety departments to express risk in terms of loss of privacy, data, productivity, and capital. The calculations are mostly derived from quantitative measures: probability (likelihood of occurrence) multiplied by impact to produce a risk score. Furthermore, regulated industries such as finance, transportation, insurance, healthcare, and many others perform a deeper risk analysis that factors in numerous elements and assigns a monetary value in order to calculate the absolute risk to the organization.
All industries benefit from performing a risk assessment to gain visibility and highlight potential issues; however, IoT businesses are growing rapidly and may not have the resources or expertise to perform extensive risk modeling. They could use a simpler methodology to determine the risk in their environment.
We have come up with a simple way of calculating risk: the number of connections multiplied by the number of identities. The two tables below show how to quickly calculate risk in an IT/OT environment.
Take a look and see for yourself how the simple addition of a wireless printer increases the risk for an IoT network.
Connections × Identities = Risk

IT Network (Firewalled from OT)
  Connection types: USB, Wired, Wireless, Bluetooth (4)
  Connection types: Wired, Wireless (2)
An IoT network that is segmented from a corporate IT network can see its risk grow exponentially when a wireless printer bridges the two networks.
IoT Network (Firewalled from IT)
  Connection types: Serial, Wireless (2)
  Identities: 4 users (HVAC Maintenance)
  Connection types: USB, Wired, Wireless (3) *Bridged to IT*
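To make the Connections × Identities method concrete, here is an added Python example (not code from the original article) that scores the IoT network before and after the wireless printer bridges it to IT. The device inventory follows the tables above, but the 50 IT user accounts and the rule that a bridging device exposes every connection type and identity on both segments to each other are assumptions made for the illustration. Connection types and identities are tracked as sets, so a type such as "wireless" that already exists on the segment is not double-counted.

```python
"""Added example: Connections x Identities risk score for a segmented IoT network.

The inventory below is constructed for illustration. The merge rule used by
bridge() (every connection type and identity on either side becomes reachable
from the other) is an assumption, not a rule stated by the article.
"""
from dataclasses import dataclass


@dataclass
class Network:
    name: str
    connections: set   # distinct connection types reachable on this segment
    identities: set    # distinct users / accounts that can reach this segment

    def risk(self) -> int:
        # The article's formula: number of connections x number of identities
        return len(self.connections) * len(self.identities)


def add_device(net: Network, device_connections: set) -> Network:
    """Return a copy of net with a device's connection types added (set union,
    so an already-present type such as 'wireless' is not counted twice)."""
    return Network(net.name, net.connections | device_connections, set(net.identities))


def bridge(a: Network, b: Network) -> Network:
    """Model a device that spans two segments (assumption): the bridged network
    exposes every connection type and every identity from both sides."""
    return Network(f"{a.name}+{b.name}",
                   a.connections | b.connections,
                   a.identities | b.identities)


# Constructed inventory, loosely following the article's two tables.
IT = Network("IT",
             {"usb", "wired", "wireless", "bluetooth"},
             {f"it-user-{i}" for i in range(50)})     # 50 IT users is an assumption
IOT = Network("IoT",
              {"serial", "wireless"},
              {"hvac-1", "hvac-2", "hvac-3", "hvac-4"})  # 4 HVAC maintenance users

# The wireless printer from the article: USB, wired and wireless connections.
PRINTER = {"usb", "wired", "wireless"}


def scenario() -> dict:
    """Risk score for the IoT segment in three states: as designed, with the
    printer attached but still segmented, and with the printer bridging to IT."""
    baseline = IOT.risk()
    with_printer = add_device(IOT, PRINTER).risk()
    bridged = bridge(add_device(IOT, PRINTER), IT).risk()
    return {
        "iot_baseline": baseline,            # 2 connections x 4 identities
        "iot_with_printer": with_printer,    # 4 connections x 4 identities
        "iot_bridged_to_it": bridged,        # 5 connections x 54 identities
    }


if __name__ == "__main__":
    for state, score in scenario().items():
        print(f"{state}: {score}")
```

The jump in the last line of the output is the point of the article's tables: the printer on its own only adds connection types, but once it bridges the segments the IoT network inherits every IT identity as well, and the product grows far faster than either factor. Keeping the firewall between the segments holds both factors small, which is the mitigation this scoring method makes visible.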