Cyber

Staying safe in the internet of things

by Mark Rowe

Given that computers experience a hacking attempt every 39 seconds, more online devices means more attempts. Data published by the Internet Crime Complaint Center (IC3) in the United States on cybercrime statistics shows that personal data breaches are up by 60 per cent in the last year, affecting over 50,000 US citizens in 2018 alone. With the rapid adoption of Internet of Things (IoT) devices, internet security has never been more vital to individuals and organisations alike. Given that computers experience a hacking attempt on average every 39 seconds, more online devices means more attempts. IoT device owners will need to be more responsible at work and at home to avoid falling victim to opportunistic hackers.

What is the internet of things?

The Internet of Things describes the network of devices which connect with each other and the internet. Examples include Fitbits connected to smartphones, ‘smart’ thermostats and wearable devices. IoT in the workplace encompasses laptops, smartphones and other devices connected to the main network and often pose distinct security threats which could affect the countless people an organisation holds data on. There were about 23 billion IoT devices installed last year and estimates expect this number to reach 75 billion by 2025. Samsung alone believes it will have to secure more than 7.3 billion devices by 2020, evidencing how wide-reaching this new form of technology is and how significant the need for security is.

Threat to businesses

The key IoT issue in work is with Bring Your Own Device (BYOD) policies, allowing staff to use their own portable devices for work. Without the proper encryption, each of these devices is vulnerable to attack and could leave the organisations’ network exposed. Either encrypting all devices to be used by staff or by supplying company-approved devices to staff could help cover the gaps in security in BYOD workspaces. Another solution to this issue could be to ask all staff using their own devices to work on a Virtual Private Network (VPN), separate from the main company network to keep it protected.

Some businesses globally don’t know how to spot IoT breaches. Given that this is an emerging technology, many cyber security departments don’t have IoT specialists who are able to identify breaches. This issue will only be solved by encouraging education in new technologies like the cloud and IoT at higher education institutions and more specialist training at companies which employ IoT specialists already.

Some more common IoT issues businesses experience include:

•Default passwords – many workers don’t change their passwords, leaving them open to hacking by malware and automated software
•Lack of updates – software updates often remove bugs which, if left unchanged could leave gaps in security
•Unencrypted communication – hackers able to access sensitive communications can exploit them through phishing
•Ransomware – compromised devices can enable ransomware, meaning sensitive data is stolen or encrypted and lost to the company.

At home

Five username and password combos give access to 10pc of all IoT devices. Because many IoT device owners don’t change the default username and password, anything from washing machines to WiFi networks can be accessed by hackers using just five combinations. The most common combinations include:

•Admin/admin
•Admin/0000
•User/user
•Root/12345
•Support/support

Hackers able to break into one device may also then be able to access an entire household’s network of devices, meaning one compromised machine affects them all. Making sure all devices have a secure password helps cover all devices on the network from a host of issues, including data privacy risks, unwanted surveillance and viruses/malware.

Home assistants

In the wake of recent revelations that recordings by Google’s home assistants are listened to by human staff, privacy concerns around home assistants are becoming increasingly prevalent. This follows reports of Amazon’s Alexa sharing recording data with other customers being improperly used by staff, revealing a more sinister side to the helpful IoT tool that 20% of US adults have in their homes.

Ensuring your data is safe when using a home assistant lies in the agreement with the companies providing them, which should ensure a much more transparent data collection policy which makes all users aware of just how their data is used behind the scene before they decide to buy one. For example, Amazon now allows Alexa users to delete the day’s recording with the command, “Alexa, delete everything I said today”, giving you more control over the data being stored by Amazon. Since 68 per cent of users ‘chat’ with their speaker for fun, the privacy threat from home assistants doesn’t seem to be too present in consumers’ minds, but with these stories emerging more frequently, consumer trust in companies like Amazon and Google is likely to become a much bigger issue in the future unless something is done.

Data breach predictions

Data breaches are up by 63pc in the last year and up 157pc since 2015. To mitigate this upward trend, businesses will need to ensure their cyber security practices are robust, regularly reviewed and reactive to recent threats. On the other side, consumers should demand that their data is handled carefully by every business they interact with and attempt to influence the market by making more privacy-conscious choices.

This article was written by Damon Culbert from Cyber Security Professionals, cyber security jobsite.

See also this 30-second video: https://spark.adobe.com/video/jV8kqb5qkm69Z.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing