What actually is ‘The Internet of Things’?
The internet of things is defined as ‘the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.’ Put simply, this describes the way in which many of us use the internet with a variety of devices every day. For example, we might now use our mobile phone to control our heating via a smart thermostat, track our workouts and sleep to our laptop via a fitness tracker, or set our television to record a programme we want to see from our desktop computer when running late at work. The Internet of Things has truly revolutionised the way in which we manage our lives and environment, and as more and more connected ‘things’ come onto the market (internet connected egg boiler anyone? ) the scope of internet of things is growing rapidly.
What challenges does the internet of thing pose for cyber security and how can you address these?
Recently, we have all been aware of the global cyber-attacks affecting health services, governments and educational institutes. Commonly, the attackers have found a way into an organisations computing network by exploiting a weakness in software which has not been properly updated, meaning there were holes in the network’s security. Once an attack happens, security teams are in a race against time to patch the vulnerability before the attack can spread.
The idea that a hacker can launch a cyber-attack via your coffee maker may sound like the plot of a straight to DVD sci-fi movie, but in reality Internet of things devices are incredibly vulnerable. In fact it is estimated that a typical internet of things device has twenty five different vulnerabilities. The most common security issues are as follows:
1. Lack of inbuilt security
Many IOT devices run without built in security. It has probably never occurred to you that you could be held to ransom via your smart thermostat – accessed through your phone or computer. However, last year hackers at a UK security firm demonstrated that this is entirely possible. In the grips of an icy cold winter, having a hacker remotely control your heating is not an appealing idea.
The fix
Make sure you are fully aware of the security features – and failings – each of your IOT devices has. Before investing in a new IOT device ensure that you do your research into which particular devices offer the best protection on the market. Make use of any additional security controls on the smartphone, tablet or computer you control your IOT’s by, and also enable any security features in web-based applications which interact with your IOT devices. For your business, ensure that your employees are aware of the security on any work-related IOT device and that they are using it appropriately.
2. Physical security issues
Many Internet of Things devices are controlled by our smartphones, tablets or laptops, often by an application we have installed on our home screens. For businesses, there is also a risk of a data breach if mobile devices are connected to a cloud based service which stores data. Should your device be lost or stolen hackers will have instant access to both a variety of smartphone applications controlling other IOT devices and also potentially a lot of sensitive business data.
The fix
It goes without saying that we are sometimes careless with our smartphones and tablets. Obviously you should always keep an eye on your phone, but you should be prepared in case the worst happens. Use a two-step encryption (i.e a fingerprint scan followed by a password) to minimise the risk of access to any applications installed on your phone which control your connected devices and to any cloud based service you might use on the move. Activate any security controls provided on your handset or by your network provider which enable you to wipe your phone’s memory should it be lost or stolen. Again, for business purposes ensure that your employees are properly protecting any devices they use for work purposes using the methods outlined above.
3. Running platforms and software unable to keep up with the IOT age
We have all read about the gaping hole in the NHS computing network caused by the health service still running Windows XP. Older versions of even the most commonly used platforms and software simply cannot keep pace with the rate at which the IOT is evolving.
The fix
While it is costly and sometimes irritating to have to keep purchasing new versions of software, it is really important, especially for businesses, to invest in the newest offering that you can afford. A data breach or ransomware attack can be far more costly both in monetary and reputational terms than the initial outlay on new products.
4. Forgetting to update regularly
Even the very latest software in the world quickly goes out of date, making your devices increasingly vulnerable to cyber-attack.
The fix
Install automatic updates for all software, applications and anti-virus protection on any computer, phone or device you use to interface with an IOT device. Carry out random spot checks on anyone who uses these devices within your organisation to ensure that there is no weakness in software on a mobile device carried by an employee which may allow a would be hacker access to your data.