The ‘Internet of Things’ has caused a real stir, and we want to examine the Information Security threats it poses for your organisation.
50 years ago avid followers of star trek wouldn’t have believed that the technology in their beloved SCI-FI movies would become common place in the everyday lives of their grandchildren. Tales of artificial intelligence and household objects capable of detecting your every mood seemed a world away, but in 2014, they’re far from fictitious.
The Cyber Security industry is buzzing with word of The ‘Internet of Things’, it is certainly becoming a growing phenomenon. Of course this is nothing new as businesses have been protecting their internal devices such as PC’s, mobile phones and tablets for years, it’s a cornerstone of good Information Security Management. What has changed dramatically however are the physical objects which are connected to the web, everything from elevators to vending machines.
Exciting? Maybe, but technological advances bring a host of new security threats to the table. We’re keen to analyse the security threats that the ‘Internet of Things’ poses for organisations. Should organisations embrace the growing number of devices which will be connected to the web, or completely deny any attempt to do so?
What’s The Risk?
- From smart parking and physical security systems to intelligent waste disposal, denial of service from these everyday necessities could cause chaos. DDoS attacks could target every end point, making the running of critical business functions impossible.
- Many of the objects now becoming ‘smart’ were not originally created to be connected to the internet and therefore security was not a design consideration. What if the intelligent automatic doors to your company’s headquarters were the first step towards a physical security breach?
- Breaches could easily be caused by unwitting employees too. Imagine if the director of finance left some highly sensitive information in their car whilst nipping in to tescos, whilst their car was transmitting it’s location.
These types of attacks can be referred to as ‘Watering Hole Attacks’ where the threat comes from the physical object rather than the users.
Securing the ‘Internet of Things’
- The key thing to remember is: If it’s connected to the internet, it is vulnerable to attacks and will need to be secured, just because it doesn’t look like a PC, doesn’t mean it can’t become infected.
- Keep a check on the software manufacturer’s website for security updates. If vulnerabilities are discovered, manufacturers will often secure them in new updates to the software.
- Change default passwords that come with your new device. Remember, never use the common ones ‘password123’ and ‘p455w0rd’ are not secure! A random string of upper and lower case letters, numbers and symbols is perfect.
- Have an authentication system in place, prior to receiving or transmitting data the device should be forced to authenticate itself. These actions must also be kept in a register, so that suspicious activity can be monitored and action taken as necessary.
As with all new areas of technology, organisations shouldn’t panic unnecessarily about the potential for harm. We’re keen to emphasise that the internet of things can bring great efficiency improvements to your organisation, but as always people based and technological controls need to be put in place.