The internet of things is already likely go down as one of its biggest developments in the history of computing, but if we’re not careful there is still a strong possibility that it will it also be remembered for creating a massive cybersecurity headache.
The internet of things (IOT) refers to the idea of providing online connectivity to all manner of electronic devices.
“This currently includes the ability to control home-heating, energy use and lighting remotely by means of a smart meter,” said Darren Daly, partner and head of technology at law firm ByrneWallace.
“Smart watches, smart fridges and even the use of smart pills with connected monitoring patches are available on the market. The ability of IOT to even sensor both plant and machinery for agricultural use show the scope for IOT development.”
But while bringing this huge functionality to the connected world through sensors that record light, heat, activity or movement, people tend to be far more focused on devices’ bells and whistles rather than the insecurities and vulnerabilities they might introduce to networks, said Jacky Fox, head of cyber and forensics at Deloitte.
“For example, there have been a few cases where people have had a few IOT light bulbs, baby monitors or devices in cars used to hack into a more general network.”
Then there’s also the risk to the extensive amount of personal data, said Daly, such as a hacker finding a way to breach your home’s security.
Chris Davey, cybersecurity lead for Accenture Ireland, said that IOT represents a “seismic shift in the scale of computing, as well as making IT pervasive in the physical environment”.
“There are multiple challenges with IOT from a security perspective, particularly the ability to secure devices that may have a long, and partially connected lifetime, where those who have created these devices may no longer be involved by the time the devices are retired.”
Daly says that it’s easier to foresee the potential security breaches caused by BYOD (bring your own device) technology. “The BYOD technology has greater ability to be controlled if a company keeps a clear list of all employees and devices joining their network.
“On the other hand, the IOT network is able to expand without regulation. Most of the data shared on the IOT will be personal and contain sensitive information. We need to ensure that our security infrastructures will be ready to meet the demand for smart devices.”
He adds that the new cybersecurity directive should be able to assist with this.
Yet there is one strategy that users can implement straight away, according to Fox.
“We would be inclined to recommend that people should segment their networks, so that if you have a lot of – even in an home environment – IOT devices on your network, you should split it in two so that you have your IT devices on one side in what we call a demiliterised zone – a segregated area – and then have your more central devices like your laptop, your phone, anything that holds essential data in a different area of the network.
“Equally, for an office environment you should segment anything that you’re not comfortable with the security within the device. You should have it off on a different network so that it’s not exposing other things potentially on the network.”