Connected devices are creating great experiences for consumers, but they also represent brand new targets for hackers. The Internet of Things (IoT) and cybercriminal activity share two important traits: they are largely invisible to the naked eye, and they surround us at any given moment.
As more organisations use a mix of sensors and sophisticated software applications to create smart homes, smart office environments, and even smart cities, the results often feel magical. Lights come on when you enter a room. A piece of machinery proactively requests an upgrade to prevent breaking down. A retail store automatically restocks a shelf before consumers become frustrated over missing items. These are all ways the IoT makes technology more ubiquitous and seamless.
Unfortunately, the most successful cybercriminals behave in much the same way. Hacking databases, attacking websites, and stealing passwords rarely involves a face-to-face encounter. When technology becomes essential, security issues related to the technology tend to mount. Over time, these issues have transitioned from email to text messages, from desktop PCs to smartphones and now to the IoT.
As a recent story on The Next Web pointed out, security problems with the IoT could be much more dire than anyone imagines today, as the potential targets range from household appliances to almost anything that connects to the internet.
"Imagine the damage that an intentional attack on the electrical grid or other utilities might cause," the article warns. "Hackers could conceivably shut down entire cities, cause major vehicle accidents, or even put the lives of hospital patients in danger if they were to prevent access to computer networks and data."
Although good IT security has always been based around standards, the relatively recent emergence of IoT devices and applications makes it difficult for the industry to keep up. Industry analyst Stacey Higginbotham believes that many IoT products and services could be vulnerable from the outset, not because of inferior due diligence on vendors' parts, but because of the requirements for testing, encryption protection, and certification.
"The lack of clarity around what makes a connected device secure has big impacts beyond adding a lot of extra tests for some nebulous certification. It also means that engineers building connected products don't have a playbook to work from," Higginbotham writes on her blog. "With IoT devices being so complex, the lack of some kind of standard checklist leads to security vulnerabilities."
This may explain why some organisations are still not sure if they are prepared to take advantage of the IoT, even though it offers a lot in terms of productivity, cost savings, and other benefits. According to a pair of surveys discussed on Network World, only seven per cent of companies are clear on their IoT plans, while more than half are worried about security issues. Another research report from advisory firm BDO indicates 27% of manufacturers don't have a security policy for vendors and partners associated with IoT projects.
Consumers obviously worry about the dangers the IoT could bring into their daily lives. A recent Parks Associates survey of more than 10,000 U.S. households shows that almost half of consumers describe themselves as "very concerned" about hackers getting control of the connected devices in their homes. The good news is that IoT security builds on many of the same common sense principles used to protect other devices and data.
First, make sure you have a good sense of your vulnerability. How do the products and services you use to automate your life collect, manage, and store your data? How do the devices you use potentially share data when you're walking around environments that make up the IoT?
Next, make sure the passwords for all your devices are unique and include a mix of letters, numbers, and other characters that are difficult to guess. Don't share passwords with others.
Perhaps most importantly, put the proper security tools in place to monitor your environment. Early intrusion detection has always been one of best ways to avoid the worst security incidents, and that remains true in the age of the IoT.
Ask Smart Questions
Of course, IoT security is really a collective responsibility between consumers who seek all types of connections and companies that want to use connectivity to create richer customer experiences. TechTarget discusses many of the essential security elements companies should have in place as they bring the IoT to market. It's critical that connected devices be part of a well-established security policy, for example, and companies should be just as responsible as consumers for using monitoring, intrusion detection, and other tools to stop or mitigate the damage of data breaches. Consumers shouldn't be afraid to ask companies tough questions about how they're using — and more importantly, safeguarding — their personal information.
Information Weeksuggests that consumers have a strong ability to influence the way large organisations handle IoT security, because consumers were the first to use connected devices for increased productivity and efficiency in their personal lives in most cases. As with other waves of technology innovation, such as the early days of mobile devices, those consumer experiences set the expectations for what happens in more complex business environments.
Despite the risks, it's unlikely that the IoT will stop expanding into homes and almost every other environment. The IoT is here to stay, and so are the hackers. The answer at this point is to focus on security solutions such as those offered by Kaspersky Lab to protect against new emerging threats. Understanding your vulnerabilities and using the right tools for protection are essential for staying ahead of threats in this ever-changing IoT world.