The buzz phrase “Internet of Things” (IoT) has been used quite heavily in the IT industry in the last four years with more and more people embracing this technology at home and in the workplace.
Even now, you might be wearing some form of IoT device on you that monitors your health, temperature or mood, but how safe are these devices?
The light side
We have considered the IoT devices now available in the super-tech kitchen to illustrate the growth of their popularity:
The above represents the light side of IoT, but as tech companies continue to find ways of adding WiFi to everyday items, the trend to create smart items has also revealed a dark side.
The dark side
The lack of security in IoT devices poses risks not only to the consumers using them but also to businesses, which may fall victim to a DDoS attack or unwittingly become part of an attack themselves.
The absence of basic security offers an opportunity for hackers to recruit unsuspecting botnet soldiers to help them attack business websites through their Domain Name System (DNS) provider.
From a business point of view, these soldiers include routers, digital cameras and video recorders, webcams, CCTV cameras, thermostats, alarms, building management systems and smart coffee machines, which you may not consider worthy of security.
And yet, a UK survey* of IT professionals recently revealed that 25% felt there was a high chance a company would be hacked through IoT devices while 39% thought there was a medium chance.
In addition, 68% felt enterprises of all sizes were equally vulnerable to an IoT-related threat. This is not a situation that will be suffered only by the likes of Tesco, Twitter, eBay and other large businesses.
With 75% of the same cohort saying not enough is being done by manufacturers to implement sufficient security measures for IoT devices, all businesses need to take note.
In addition to the lack of manufacturer security, protecting your IoT devices is not something you can achieve by purchasing an off-the-shelf security solution. Every business network is different and therefore needs an expert to take the time to ascertain every aspect of it before designing a solution to ward off all threats. Segmenting networks to protect more sensitive resources such as email and file servers should be part of these solutions.
To back up my thoughts, Sean Sullivan, a security adviser at anti-malware company F-Secure, recently said: “IoT devices would not be as dangerous if many networks were configured properly.”
IoT devices need to be considered as part of the whole security picture. If you need advice on protecting your network, do not hesitate to contact me. Do not let your seemingly harmless webcam bring your business network down.
*Information Systems Audit and Control Association 2015