From Around the Web: Cybersecurity and the IoT
Glenn Schulke (IoT expert, writer of IoT: A Tidal Wave of Trouble) recently shared with us what hackers could be able to do once cities reach a connected society. We thought of many petty pranks such as:
- Requesting your smart fridge to order 20 jars of pickles
- Adjusting the smart fridge temperature to 60 degrees Fahrenheit (spoiled food)
- Changing the smart thermostat every five minutes (higher electricity bill)
- Turning off the hot water heater from 5:30AM to 8:30AM (cold showers)
- Scheduling a time to turn the smart lights on and off at 3AM every night (haunted house)
It reminded us of haunted houses. Once you are out of a haunted house you can separate the scary events from reality and move on with your life. While many of the petty pranks above are relatively harmless, the results of hacking could be much more malicious. According to CNBC, in 2016 “cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen.” The results of these cybersecurity breaches are horrifying and heart-breaking to those businesses and individuals affected. With IoT, this reality is coming to fruition, fast. However, business owners can protect themselves by taking necessary precautions with cybersecurity.
Cybersecurity will be crucial in the purchase of IoT devices with the Botnet of Things. The global IoT security market has been forecasted to increase by 55% year over year. The latest Botnet of Things hacking incident was not random regarding the devices it hacked. The connected Internet of Things devices were all unprotected and had the same default passwords. The combination of these hacked connected devices was able to shut off access to popular sites like Netflix, Amazon, etc. up and down the eastern coast of the United States. Something as basic as changing a default password could make all the difference in not getting hacked. The Federal Trade Commission offers the following advice in securing IoT devices:
- Don’t just click “next” when you set up your IoT device. Review the default settings carefully.
- Download the latest security updates for your IoT device.
- Change your preset passwords.
Ensuring the security in the setup of IoT devices is essential before purchase. According to a Forbes article on Cybersecurity and IoT, “One critical but overlooked IoT security best practice is changing default credentials.” Purchasing IoT devices requires more care for security, rather than less care. Cybersecurity measures are even extending to the medical industry. Hacking medical devices has been increasing throughout 2017, resulting in attention to the ways that the devices are secured. In August 2017, the FDA issued a recall on 6 types of pacemaker devices. The pacemakers were recalled because they were susceptible to cybersecurity attacks. This recall affected nearly half a million patients across the U.S.
The Threat Is Real
The 2018 Insider Threat Report produced by Cybersecurity Insiders surveyed 472 cybersecurity professionals on the current state of insider threats and found that:
- 90% of organizations feel vulnerable to insider attacks.
- A majority of survey participants (53%) have confirmed insider attacks against their organization in the previous 12 months.
- Organizations are shifting their focus to detection of insider threats (64%), followed by deterrence methods (58%), and analysis and post breach forensics (49%).
- The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions.
- Most organizations that participated (86%) already have or are building an insider threat program.
The Insider Threat Report was produced in partnership with leading cybersecurity vendors: CA Technologies, Dashlane, Haystax Technology, HoloNet Security, Interset, Quest, Raytheon, RSA, Securonix, and Veriato.
Securing Valuable Assets
We know that valuable assets should have higher security measures and these measures can reduce the costs of data breaches. A comprehensive list of security strategies for IoT devices can be found here. However, these are the most basic requirements that CIOs should consider before setting up security settings to prevent breaches:
Keep it simple
- Assume your users are 5 years old
- Create ways to prevent accidental access
- Provide additional barriers for malicious access
- Allows for easier fixes
- Multiple failure modes increase potential for mistakes
Never secure by default
- Default security measures are also known as “failing securely”
- Make users change default passwords
- Creating a default setting for just about anything in cybersecurity is not good
- This often brings in some complexity, but it is worth the effort
Know your environment
- Patch issues as quickly as possible, otherwise hackers can exploit these issues
- Review user access privileges regularly
- Continuously test and validate your security for risk readiness
- Consider edge use cases
- Don’t use a public network for critical devices
- Vet your suppliers to ensure they follow proper security procedures
In a world that is advancing towards more technology and innovation, connectivity is valued at a premium, while cybersecurity is often the after-thought. Consider cybersecurity in the setup of all of your devices.
Charles Zulanas, MSS Senior Consultant, contributed to this article.
Other articles From Around the Web
From Around the Web: You’re Being Disrupted!
From Around the Web: Managing Office Politics and Generational Gaps
From Around the Web: Supply Chain Management
From Around The Web: Automating Legal Services
From Around the Web: Automation and the Technological Advances of Yesterday
From Around the Web: Have You Thought About Safety?
From Around the Web: Is Your Company Innovative?
Could Decision Fatigue Be Bogging Your Customers Down?