Cybersecurity was predicted to be a hot topic in 2017 and that has proven to be true. With the many international cyberattacks from the WannaCry Virus to Russia’s interference in the 2016 elections, it’s clear that private information, computers, software, and IoT devices are not safe. Although we still embrace the Internet of Things, we do so with our eyes wide open.
Everything is turning smart. That’s a good thing, right? It’s creating better efficiency, a smarter approach to business, health, etc. But, like any technological advance, there’s a downside, and for IoT and that’s a decrease in security and privacy. Security isn’t keeping up as IoT advances.
Ransomware is being sold as “ransomware as a service” on the dark web. Attacks are becoming more and more prevalent as we move further into the Internet of Things. The multitude of attacks in 2016 and 2017 is evidence alone that cybersecurity should be at the forefront of business leaders’ minds because the impact on organizations, as well as individuals, is enormous and needs to be taken seriously.
The future of the IoT can go one of two directions. One, we course correct now and create devices that begin secure. Or two, continue on the course of compromised information, vulnerable infrastructure, and billions of dollars’ worth of stolen and extorted dollars from cybertheft, hijacking, and ransomware.
With the prevalence of the IoT and its projected growth, now is the time to work out the security glitches and create devices that are secure, starting with hardware and then building in security features throughout. Already, everyday household items like light bulbs and smart locks have been connected to the cloud.
Understanding the vulnerabilities of IoT
The IoT is pervasive. It touches every part of our life from the home, to our medical devices, to our exercise routine. Wireless routers, smart TVs, security systems, baby monitors, smart refrigerators, the list goes on and on, are all connected to the internet and are being hacked and exploited.
As it stands, security is often an afterthought in the rush to get new products on the market. The implications of cloud devices in an interconnected world have not been fully thought through. This is not doomsday, but we are sounding a warning that industries need to change their cybersecurity practices.
Cybercriminals, hackers, and others with malicious intent prey on the vulnerabilities within and surrounding IoT devices. One of the biggest vulnerabilities is the consumer. The average person is undereducated when it comes to security protocols and isolating threats. Let’s face it, we all know someone – or maybe you are the someone – that has clicked on a malicious link spamming their friends’ inboxes or releasing a cyber-demic at work. Even technology professionals fall prey.
More access points to your network equal more areas of weakness in your firewalls and security protocols. The experts who are building the hardware and coding the software to IoT devices are rarely experts in security. But that’s not a shortcoming of those IT professionals and engineers. Cybersecurity is one of the many segments of technology that requires specialization and experience. No one person is able to be an expert in everything. We need to figure out a way to get Cybersecurity at the development stage of our devices. Until we do that, we are at risk.
Don’t count yourself out if you’re not a Fortune 500 or global business; small to midsized companies are just as likely to suffer an attack. It will come from an employee clicking on a malicious link, a delay in patching an identified threat, or a weakness in your company’s printer, security camera or other innocuous IoT device.
Once your printer is hacked, attackers navigate to other devices, like laptops, and get to account information, social security numbers, credit cards, and more. It only takes one weak spot to open your business to a data breach or malware attack.
It’s not all doom and gloom.
The information technology industry, as well as others, are working hard to increase security and make changes. One great example of current efforts is IBM Z, IBM’s new mainframe system. A big reason our information is so vulnerable is because of the difficulty in encrypting information. It takes a lot of processing power as well as complicated math equations to accomplish good encryption. IBM Z solves this problem; they’ve created a system that can run 12 billion encrypted transactions in a day, on a line by line basis. To put it into perspective, CyberMonday processes around 30 million transactions globally within 24 hours. The IBM Z will be more than capable of meeting security needs as demands grow. This new system will offer security for much of the financial data shared across the internet from banks to retailers.
Other companies are working to combat security risks too. Fiat Chrysler has initiated a “bug bounty program”, paying security experts up to $1,500 for each weakness found to try and catch vulnerabilities before they’re taken advantage of by wrong-doers. Although this is a good start, the industry should be catching vulnerabilities and weaknesses before devices and software go into production.
Conversations about cybersecurity are happening. From government agencies to board rooms, the risks and needs are not being ignored. CTOs are making investments, presidents are initiating policies, and device makers are making changes. Cybersecurity companies are popping up and expanding to meet the demand needed by companies and individuals to keep their information safe. Opportunities abound for innovation, job creation, and industry growth.
Protect data while cybersecurity catches up
Although there is still a lot to do on the production front, there are still many things you can do to help mitigate risk for yourself and your company. The following is a list of things you can start doing to protect your information:
- Asses your risk. What types of IoT devices to you have? What kind of security protocols do you currently have in place? What are your future needs? Who’s responsible for keeping your Cybersecurity measures up-do-date?
- Don’t rest on your laurels. Operate as though a breach will occur. Even the most secure devices are prone to attack and will become increasingly insecure as time goes on because attackers are constantly looking for ways to get in. Be vigilant.
- Change default passwords. One of the easiest ways to get hacked is to leave default passwords in place. Passwords need to be complex; happy1234 is not going to cut it.
- Train your employees on a regular basis. Make sure your team knows the seriousness of online security, why changing passwords is important, and how to identify risks, such as phishing attacks.
- Update your devices regularly and apply patches immediately. Installing updates and patches immediately is paramount to having safe IoT devices and keeping personal information secure.
- Disable unused services and modify privacy settings of the device. By doing this you limit access points that a cybercriminal can use to get to your information.
- Protect your Wi-Fi networks. Build firewalls and think about setting up more than one network if your router makes that available. Also, consider disabling UPnP on your router.
Is cybersecurity worth the hype? We think so. As the IoT increases in popularity, so too should our diligence to security. There are a lot of working parts to creating a safe space for our information and we must work together. While we encourage developers, device makers, and security experts to create more secure devices we have to do our part on the front lines.