Guest Post by Beata Green
Beata Green discusses the difference between what customers and specialists think about IoT security, the vulnerabilities, and why is it so important to sustain IoT security?
One will never know when a cyber hacker decides to attack that fashionable smartwatch to compromise a person’s most sensitive data or take advantage of that inconspicuous smart coffee machine to effectively violate a company and its employees’ privacy. A security gap in a smart lock may even lead a cybercriminal to unlock an entire office’s security system. More devices being connected to a network translates to a greater number of channels through which the increasingly clever cybercriminal can steal something from or do what they want with any network. Security issues abound starting from the gadget itself to the gateway that connects it, and the network to which a device is linked.
At least that is the consensus of IT professionals, who know much more about security in the Internet of Things (IoT) than the average network user like the rest of us. And that should alert most individuals and businesses to stop taking IoT security for granted.
IoT is the way more and more ordinary devices are given network connectivity and data processing capability, this has improved both people’s lives and business efficiency. As with any other technology, IoT comes with risks because it has not only improved our way of life; it has also empowered every cyber hacker by giving them more ways to develop ingenious methods to commit computer crimes that affect personal or business data, privacy and security.
Many people do not think much about IoT security issues either because they have never been subject to cyber-attacks in the past or they think that they can effectively secure their devices on their own. Moreover, some may even think that IT professionals are highlighting security issues unnecessarily in respect of IoT because providing solutions to these problems is their bread and butter.
Nevertheless, the fact remains that one never knows when the first security breach may happen to their system. When that time comes, it would be too late to bridge gaps that should have been addressed earlier on. More importantly, that future attack may not just be a very expensive mishap but may even sacrifice an entire business. At that future and unfortunate time, it will be too late for regrets and too late to realize that the cost of dealing with security issues at the present would have been completely worth it.
Disparity in consumer and IT expert survey
ISACA (isaca.org) is a global nonprofit association established in 1969 that supports and provides useful tools for all enterprises making use of information systems. In a survey conducted by ISACA in late 2015, the body found an ocean of difference between how IoT security is considered by U.S. consumers, on one hand, and by IT professionals, on the other.
ISACA confirmed that the majority, 64%, of consumers in the U.S. believe that they are capable of managing the security of their IoT devices. 83% think that they have sufficient knowledge in IoT to control, among them, an average of 5 devices in their homes.
Meanwhile, a good number of IT and cyber security professionals, at 77%, think otherwise. The experts believe that manufacturers have been amiss in providing sufficient security built into these devices.
According to ISACA, the use of IoT devices is an “invisible risk” that the IT professionals surveyed considered as underestimated and under-secured. 74% assess the risk of being hacked through IoT as medium or high. Contrast that with the belief of half of them that the IT departments of companies are not even aware of the number and kind of devices connected to their respective networks. In line with that, 62% of the experts opine that the use of IoT devices is inversely proportional to employee privacy. 88% think that consumers have insufficient information regarding the data that their techie devices make use of.
The increasing demand for smart TVs, wireless fitness gadgets, and even smart cars by ordinary consumers mirrors the increasing use of IoT in businesses. The greater the range of gadgets invisibly connected to numerous interconnected networks, the more possible security flaws and holes there are for a resourceful cyber-attacker to take advantage of. We do not see the prevalence of IoT decreasing in the near future. In fact, IoT is expected to linger for much longer and with that, so is its exponential growth.
At its present level, the cybersecurity experts are already raising red flags. Thus, before the range of IoT gadgets widens further, the security issues identified already need to be addressed. Otherwise, we would be dealing with an even more inflated and unmanageable risk that may explode in our faces one day.
Defensive steps
Technology has evolved so that people and businesses alike have no choice but to embrace it unless being left behind is their objective. While the risks are considered by the experts as medium to high, there are a lot of ways in which the issues may be addressed.
The simplest thing that an average user can do, perhaps, is to ensure that security updates in their personal IoT devices are in order. Companies can do more with their expansive resources by spending money on the training of their employees on IoT security; protecting their data by isolating their internal systems from a guest network, to which all other devices may be hooked; and allowing expert professionals to check their IoT security.
Manufacturers should likewise be required to adhere to stricter standards in divulging the data collected by their products and invest in research to implement the best security possible for each gadget.
IoT is not a fashion trend that will die down. Thus, it is about time that the security issues that come with it are addressed in order to make the most out of this growing technology.
Beata Green is Director of HeadChannel Ltd., London based bespoke software development company. She is responsible for overall strategic direction and overseeing the company’s continuing growth, building closer client relationships and maintaining best working practices.