IoT and Cyber Risk - How to keep your business safe
Updated 6th July 2017
With the rise of smart TVs, smart homes and self-driving cars, the Internet of Things is gradually edging its way into our everyday lives. Business Insider predicted that there will be 24 billion Internet of Things devices in the world by 2020, as our homes, workplaces, transportation and cities become increasingly automated, connected and intelligent.
But along with the enormous benefits, the IoT also comes with plenty of risks. In a world that is already vulnerable to the threat of cyber-attacks and data breaches, more connected objects and devices means billions of new entry points for hackers. And in many cases, these devices are a much softer target than traditional computers.
Here's a few of the ways the IoT could leave us exposed:
They know all about you
IoT devices, whether that's a smart watch, home, or connected car, are constantly collecting data on your movements and habits as you go about your daily life. This is useful in one respect because the more the technology knows about you, the better it can respond to and work around your needs. But what if this data gets into the wrong hands? Best case scenario, it could be used by other businesses, to sell you their offers and services. Worse case, it could get into the hands of criminals, allowing them to steal your identity, or target your property or belongings based on what they know about you. IoT companies will need watertight data privacy and security to stop this from happening.
Devices could be hijacked for malicious purposes
In 2015, security researchers managed to hack into the computer systems of a Jeep, killing its transmission and causing the recall of 1.4m vehicles. So just imagine the possibilities when we're surrounded by hackable devices, in our homes, workplaces and everything in between. It could pave the way for covert surveillance, cars being hijacked, or security systems being compromised. Consumers and businesses need utmost confidence that this isn't going to happen.
In October last year, a massive DDOS (distributed denial of service) attack temporarily brought down some of the biggest websites in the world, including Netflix, Twitter and CNN. Hackers did it by attacking Dyn, which controls much of the internet's domain name system, using a zombie botnet of around 100,000 IoT devices. And this is one of the big risks of the IoT- not only are there now thousands of connected objects, but they usually have lower levels of security than more sophisticated computers. That means they can more easily be taken over and used for these kinds of attacks.
What can you do?
To avoid becoming a victim, or inadvertently helping to cause an attack elsewhere, IoT security should be taken as seriously as with any other computer or device. Here are some key ways you can shore up your defences:
Evaluate IoT devices carefully before buying
Many manufacturers still don't think it's worth building security into connected devices, while others are starting to become more sophisticated. So, make an educated choice and do your research before purchasing.
Change passwords on IoT devices
It's all too easy to stick with the default password when using a connected camera or coffee machine. But you should treat these devices like any other computer, choosing a unique password and changing it regularly. You can find out more about good password practice in our blog on five password tips for better SME security****.
Update software and patches regularly
As with computers, failing to install software updates and patches on IoT devices can leave them more vulnerable to attack. So, keep an eye out for new releases from the manufacturer and install them promptly. Avoid 'orphan' devices
To avoid giving hackers an easy backdoor into your systems, make sure you remove all the data from old IoT devices and disconnect them from your systems when you replace them. Also consider returning old electronics to the manufacturer, who is obliged to recycle them under the Waste Electrical and Electronic Equipment Directive (WEEE). Invest in a protective shield
Perimeter based security is unlikely to be enough if you have multiple IoT devices connected to your networks. Instead, consider investing in a cloud-based protective shield, which will stop any malware before it gets near your apps and devices. This kind of technology will also allow you to monitor all data traffic in real-time, enabling you to identify anything unusual as quickly as possible.
The IoT market is currently a bit like the Wild West – everybody wants to get a piece of the action. And while on one hand that means lots of fancy new gadgets to play with, it also means that many are being released without the right security in place. Businesses and individuals need to act now, to avoid giving a free pass to cyber criminals in the future.
To read more about the IoT, check out our blog on The Internet of Things: A Connected Future.
The biggest cybersecurity threats of 2019
As cyber-crime becomes more common-place, all businesses – even small ones – need to be prepared.
Why is cybersecurity important?
Investing in cybersecurity technology, processes and training is vital for a small business. Here's why.