By Sungard AS
There is seemingly nothing that can't be connected to the internet – from parking metres to washing machines and even cattle. But the corollary is that everything that can be connected to the internet can be hacked.
Much of the information transmitted isn't adequately secured, and as the Internet of Things (IoT) becomes ubiquitous, cyber criminals are seeing new opportunities to harvest valuable information. How can you take advantage of the IoT wave without being swept away on a cyber crime tide?
Managing IoT cyber security risks
Data protection needs a rethink
When we visit an ecommerce website, we're at least subconsciously aware of a value exchange. The company gets to learn more about us for future marketing activity, and in return, we get our goods delivered and are kept up to date with special offers.
Information privacy laws sets out very clear guidelines around using data only for the purpose it was given, and how it should be securely stored to protect our privacy.
Not so with 'things'. Despite the fact there are already billions of internet-connected devices busy collecting data, the technology has evolved so quickly that the IoT landscape has become a regulatory minefield.
IoT risks: from coffee machines to chemical plants
A recent high-profile Distributed Denial of Service (DDoS) attack enabled hackers to compromise coffee percolators, webcams, surveillance cameras, routers and indeed anything they could get their virtual hands on. They used these devices without their owners' knowledge to unleash a flood of internet traffic that overwhelmed and crashed popular sites like Twitter, Netflix, Airbnb and even The New York Times.
The world won't grind to a halt if Twitter goes down. But there is a broader trend of hackers targeting critical infrastructures like power grids, chemical plants and transportation systems. In their recent report, 'A new front in Cybersecurity,' BI Intelligence revealed that companies that operate critical infrastructure reported 295 cyber incidents in 2015. The report also notes that industrial control systems weren't designed to be connected to the internet, so they haven't benefited from the embedded cyber security capabilities needed to ward off hackers.
Whatever industry you're in, the potential for disruption is almost unlimited. Imagine if the digital keypad that operates the power to your server room were hacked and switched off remotely – how much would your business stand to lose?
IoT security – where do businesses even begin?
Regardless of their current involvement in IoT-enabled models, businesses in all industries need to start taking the initiative now, from researching emerging IoT security best practices to learning how to master the transition from securing traditional PCs, servers and mobile devices to managing connected devices and sensors.
Many of the inherent challenges of IoT are very similar to those that have been faced and, to some extent addressed, in the Bring Your Own Device environment. Incorporating capabilities such as remote lock and wipe will be crucial if organisations are to deal swiftly and decisively with compromised devices.
Businesses also need to understand where the vulnerabilities of connected devices may lie, how complex they are and how severe a threat they pose. This risk assessment will be no easy feat, considering most of these devices are comprised of hardware platforms and software that the majority of IT teams will be unfamiliar with. It also means any project involving connected devices must be designed with security front and center, incorporating robust, role-based controls to ensure adequate protection. A further challenge of the IoT explosion will be to work out how to patch any device vulnerabilities promptly, since the complex firmware updates currently required are generally too complex to address on the fly.
Wi-Fi: friend or foe?
The proliferation of Wi-Fi-enabled devices connecting to the internet means businesses will need advanced threat intelligence tools to learn how to tell the difference between legitimate and malicious traffic patterns on IoT devices. For the most part, users themselves will not be sufficiently cyber-savvy to determine that the seemingly innocuous app they're about to download onto their smart phone contains malware.
Lastly, as more and more devices connect to the internet rapidly increasing demand for bandwidth, this may end up robbing critical applications of bandwidth, resulting in poor customer experiences, diminished employee productivity and falling business profitability. If organisations are unable to simply add bandwidth, they will need to increase traffic management, monitoring and prioritisation efforts to ensure business continuity and avoid potential loss of customer loyalty.