The Security Risks of The Internet Of Things
The exponential growth and advancement of Internet connected devices has significant potential to change the world, but this is not always in benign ways. As a whole range of everyday objects, for example cars and even refrigerators begin to act more and more similarly to smartphones, Internet of Things devices have a lot of potential to automate and simplify a variety of areas of our everyday lives. Smart homes are able to turn on the lights and adjust the home temperature for us, smart cars allow us to reach our destinations easier and call for help if there’s a breakdown, and smart appliances can schedule their own maintenance and make sure that we’re always stocked up.
But, as with any new technology, there is almost always a price to pay, and the Internet of Things is certainly no exception. As IoT rapidly expands, it seems as though many are paying for the convenience that it brings with increased security risks. In the past, people only had to worry about data security when it applied to a desktop computer or perhaps a laptop – running anti-virus software on our computers was pretty much the only thing that we had to do. However, today, with so many different devices connected to the internet and the number only growing, security risks are also on the rise.
IoT Devices and Increased Security Risk
According to a security survey carried out by HP, over 70% of the most commonly used IoT devices have a range of serious security vulnerabilities. Both entrepreneurs and innovators are rushing to make sure that their businesses have the next best thing in the market, and often, in their haste are pushing security concerns back to the end of the priority list.
But, as IoT devices continue to gather more and more data about us, consumers, especially those using these devices for business, have good reason to be concerned about the vulnerability. Although it may not always be given much thought, the IoT devices collect a lot of information not only about private lives, but also data regarding small businesses. On a personal level, smart device such as refrigerators which order groceries must have some sort of payment details set up, your smart thermostat knows when you’re going to be out and when you return home, and wearable fitness and health trackers record a plethora of personal information that only your doctor knows.
Therefore, it’s vital for IoT manufacturers and users to put security first with these devices.
IoT Devices and Hacking
It’s also important to realise that data theft and fraud isn’t the only security risk when it comes to IoT devices. Back in 2015, hackers proved that it was definitely possible for them to take control of IoT devices by taking control of a Jeep’s steering, braking and transmission systems remotely whilst it was in operation. Whilst connected cars are amongst some of the most hyped and anticipated innovations promised by the Internet of Things, it’s vital to be aware that the more automated cars become, the more vulnerable they are to attacks such as these.
Last year, smart TVs also made the news when it was revealed that the Samsung Smart TV is able to listen in to your conversations, record them, and share the data collected with Samsung’s servers for analysis. And, if the manufacturer is able to do that, then there’s no doubt that it’s also possible for hackers to use this in order to spy on you, something which could pose a serious security threat for businesses that use smart television screens. With attacks on cloud-connected devices jumping a huge 152% last year alone, this is definitely not simply idle speculation and more security measures must be taken in order to ensure that attacks are prevented.
How IoT Security Risks Affect Your Business
With more and more businesses using the Internet of Things in order to better complete tasks and improve efficiency, it’s important for both business leaders and employees to be fully aware of all the heightened security risks which are a result.
Every single device and sensor included in the Internet of Things represents a potential risk. How confident an organisation can be that each device has the controls in place in order to preserve the confidentiality and security of the data collected and integrity of data sent depends on the degree of seriousness placed on data security and protection when using IoT devices for business. Researchers at Eurecom, a French technology firm downloaded a total of 32,000 firmware images from potential IoT device manufacturers, resulting in thirty-eight vulnerabilities across over a hundred products, including issues such as poor encryption and back doors which could eventually give way to unauthorised access. Consequently, it’s important to understand that just one weak link could potentially open up access to hundreds upon thousands of devices on a network, which could have devastating results.
Integrity of Data and Trust
Business systems will receive a huge amount of data from a massive range of connected sensors in the Internet of Things, but is it possible for an organisation to be completely sure that this data has not been tampered with or compromised?
Let’s take, for example, the idea of utility companies, who collect consumer data from smart meters in homes. Researchers have already come to the conclusion that it’s entirely possible for smart meters to be hacked in order to under report energy use, therefore opening up opportunities for fraud. During experiments, they were able to fabricate messages being sent from the meter to the utility company and report false data.
So, what can be done in order to prevent the hacking of IoT devices and protect the integrity of the data which they collect? In recent years, it’s become easier than ever before to protect our devices such as PC computers and laptops – anti-virus security programs can be bought from high street stores or simply downloaded straight from the internet. However, for many of the devices used in the Internet of Things, this security capability does not exist when they suddenly become connected. Because of this, it is vital for consumers to push that security be built into the design of these devices and systems in order to increase trust in not only the hardware itself, but also in the protection and integrity of the data it collects.
Privacy and Protection
The Internet of Things has given businesses a range of innovative ways to collect data on their customers and employees, which can help organisations make smarter and better decisions. However, there is a price to pay for this, with the increase in methods of data collection bringing about a huge impact on privacy expectations. If any data which is collected by these connected devices is compromised, it will reduce trust not only in the Internet of Things, but also in the organisation which has utilised the IoT for data collection. Already, we are seeing consumers placing higher expectations on both businesses and governments to ensure the safeguarding of their personal information.
With everything now connected, the Internet of Things is breaking down the separation between the Critical National Infrastructure (CNI) and the consumer world. Potentially, everyday items could be targeted and exploited by hackers and cybercriminals in order to gain access to the CNI, and get through the security which protects things such as air control and oil fields.
How Can Businesses Deal with the Security Risks?
With the IoT increasing in popularity and more businesses using Internet of Things devices in order to collect data, organisations must now begin to identify the risk level for their current exposure to the Internet of Things. Plans for the future should most certainly be put in place regarding use of IoT devices and the privacy and security implications associated with these devices. It’s also important to be aware of the type of data Internet of Things devices will generate and how big of a security risk they possess.
For businesses which utilise smart technology and IoT devices in their day to day processes, educating employees on the risks associated with the IoT and how to best prevent attacks and breaches is of utmost important. With cybersecurity on the rise and businesses of all sizes and across a number of different industries being susceptible to attacks from hackers and social engineering, it’s also absolutely imperative to understand that IoT use could potentially open new doors for cybercriminals to gain access to confidential data and wreak havoc on businesses.
The Internet of Things truly is an exciting new phenomenon which promises to create a whole range of new opportunities, however trust is the foundation of the IoT and this needs to be underpinned by utmost privacy and security. If we are to reap the benefits of this newly connected, smarter world, it’s absolutely vital to begin having serious conversations about how we plan to secure data and ensure privacy and integrity. If your business uses or plans to use the Internet of Things – something which will be a given in the future – security should be your main priority.