Great, right? Unfortunately, from a cybersecurity perspective, all of these connected devices are potential targets for cyber criminals to either attack or use in their attacks. We don’t have to look very far back to see IoT devices being used in a malicious way. Last year we saw a major Distributed Denial of Service attack where hundreds of thousands of (consumer) IoT devices were used to throw data traffic at Dyn’s servers to overwhelm them. Dyn, remember, is a cloud services provider that controls a significant amount of the internet’s domain name infrastructure, so the attack ended up bringing down popular sites like Netflix and Reddit. The tricky thing is that as devices continue to become connected to the internet, there will be an increase in the number of entry points for a malicious actor to either control the devices or gain entry to them.
And things look similarly daunting on the business side. Businesses need to defend against DDoS type attacks, secure the devices that are connected to their network, and ensure that the data collected is secure. If you think about a retailer, they are using IoT devices to help make a more personalized shopping experience for their customers. To do that, IoT devices would be collecting information about their customers. All of that data needs to be protected, and so too do the devices taking in that data.
There are certainly risks, but none of this is to say that consumers and businesses should not be using connected devices. We have only scratched the surface in terms of what they can do, and pretty soon we’ll start to see businesses using IoT analytics to make connections between the data that is churned out to benefit their business and their customers.
In my view, as the proliferation of IoT devices grows, vulnerabilities are inevitable if the interconnections are not properly secured. We need to get to a point where security is built into the process from the beginning.
Thinking about IoT? Think security
We are not going to see a change happen on its own, there needs to be a mindset shift. Enterprises and consumers should demand that connected devices are secure by design – meaning that security is built into the process – to minimise any malicious use. Today, little or no basic security exists because customers are not demanding it and adding basic security increases production costs and time to market. Securing connected devices needs to be the default. This will ensure that consumers are protected and devices are used in the way they are intended.
The way forward (for business)
For businesses, it comes down to ensuring that IoT solutions are secure by design. This means that IoT providers need to focus on security at the endpoint/sensor, connectivity, and the backend application layers. Businesses should be working with IoT providers that offer secure solutions at all three of these layers.
We live in a digital world. Businesses are becoming increasingly digital and increasingly connected – much like we are as consumers. Now it’s time we balance the benefits of connected devices with security.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…