How the Internet of Things has Made Life More Interesting but Cybersecurity a Whole Lot More Challenging
The Internet of Things (IoT) has certainly made life more
interesting. While customers can do anything from managing their homes remotely
to receiving targeted adverts, businesses have been presented with unprecedented opportunities for
innovation, diversification, agility and cost optimization. It sounds
like a win/win situation with both customers and suppliers deriving significant
benefits from this exchange. But, of course, it is never as simple as that. We are now vulnerable in ways we could not
have imagined a few years ago.
interesting. While customers can do anything from managing their homes remotely
to receiving targeted adverts, businesses have been presented with unprecedented opportunities for
innovation, diversification, agility and cost optimization. It sounds
like a win/win situation with both customers and suppliers deriving significant
benefits from this exchange. But, of course, it is never as simple as that. We are now vulnerable in ways we could not
have imagined a few years ago.
Although the IoT brings a myriad of
benefits, the speed of its adoption and
expansion has been unexpected. This means that it has also been largely
unplanned and uniform standards are not yet in place. However, although there is no formal
IoT standard to be adhered to, and the installation, maintenance and security of devices is often
outside the responsibility of the traditional management chain, organizations are not absolved from responsibility for
security around the collection, analysis, privacy and management of the data
obtained.
benefits, the speed of its adoption and
expansion has been unexpected. This means that it has also been largely
unplanned and uniform standards are not yet in place. However, although there is no formal
IoT standard to be adhered to, and the installation, maintenance and security of devices is often
outside the responsibility of the traditional management chain, organizations are not absolved from responsibility for
security around the collection, analysis, privacy and management of the data
obtained.
One of the key issues around the IoT is that information is collected, communicated,
analyzed and processed through automated sensors. It does not require human
input. So, while it is providing the benefits of smart technology to
organizations, businesses and households, it is also automatically generating a
huge amount of specific personal and sensitive data which is accessed by or
shared with third parties.
analyzed and processed through automated sensors. It does not require human
input. So, while it is providing the benefits of smart technology to
organizations, businesses and households, it is also automatically generating a
huge amount of specific personal and sensitive data which is accessed by or
shared with third parties.
For as long as IoT has been around, cyber criminals have been
developing their skill sets and exploiting the vulnerabilities inherent in the technology.
The explosive
increase in the number of personal Internet-connected devices has brought about
an exponential increase in the volume of data. This situation has led to an
increased risk of potential data breaches because it has created new pathways
for attack and expands the possibilities of the kinds of data that hackers can
compromise.
developing their skill sets and exploiting the vulnerabilities inherent in the technology.
The explosive
increase in the number of personal Internet-connected devices has brought about
an exponential increase in the volume of data. This situation has led to an
increased risk of potential data breaches because it has created new pathways
for attack and expands the possibilities of the kinds of data that hackers can
compromise.
A
robust cybersecurity strategy should, therefore, be based on the assumption that
when it comes to a cyber breach, it is not a question of if, but when. By 2020 it
is estimated that 25% of cyberattacks will target IoT devices, making it
important that IoT security is at the core of any data security strategy.
robust cybersecurity strategy should, therefore, be based on the assumption that
when it comes to a cyber breach, it is not a question of if, but when. By 2020 it
is estimated that 25% of cyberattacks will target IoT devices, making it
important that IoT security is at the core of any data security strategy.
As the uptake of
the IoT grows, so has the demand for vulnerability testing. Using automated
vulnerability testing tools to explore the infinitesimal possibilities for
entry into your system is a good starting point. If correctly scoped these
vulnerability tests will provide the intelligence required to implement changes
and to target more strategic and in-depth penetration testing.
the IoT grows, so has the demand for vulnerability testing. Using automated
vulnerability testing tools to explore the infinitesimal possibilities for
entry into your system is a good starting point. If correctly scoped these
vulnerability tests will provide the intelligence required to implement changes
and to target more strategic and in-depth penetration testing.
2. Internet of
Things Penetration Testing
Things Penetration Testing
Penetration testing brings the skilled human mind to the process
of developing, exploring and exploiting potential weaknesses, much in the way
that a hacker would. Potential areas of vulnerability are identified and a
professional penetration tester should be able to provide you with a
remediation strategy. Going one stage further, Red Teaming uses the skills of
highly qualified individuals to simulate a real-world attack, designed to
assess the suitability of the current security programme and offer remediation
advice where appropriate.
of developing, exploring and exploiting potential weaknesses, much in the way
that a hacker would. Potential areas of vulnerability are identified and a
professional penetration tester should be able to provide you with a
remediation strategy. Going one stage further, Red Teaming uses the skills of
highly qualified individuals to simulate a real-world attack, designed to
assess the suitability of the current security programme and offer remediation
advice where appropriate.
Although the IoT often does not rely on human involvement, people
can play an important part in building a defense or reporting and managing a breach.
Improved training, processes and procedures, including the identification of
unusual activity and the monitoring of user accounts and passwords together
with the removal of untrusted devices, will enhance security as well as an
organisation’s ability to anticipate and identify where issues or incidents
occur.
can play an important part in building a defense or reporting and managing a breach.
Improved training, processes and procedures, including the identification of
unusual activity and the monitoring of user accounts and passwords together
with the removal of untrusted devices, will enhance security as well as an
organisation’s ability to anticipate and identify where issues or incidents
occur.
An IoT security
standard may not be in place yet, but the existing regulations and data
security standards require swift notification of data breaches. Having access
to a Retained Forensics specialist team to provide professional, pragmatic and
strategic support in the event of any type of incident will bring significant
value to any Business Continuity strategy.
standard may not be in place yet, but the existing regulations and data
security standards require swift notification of data breaches. Having access
to a Retained Forensics specialist team to provide professional, pragmatic and
strategic support in the event of any type of incident will bring significant
value to any Business Continuity strategy.
As IoT becomes
ever more embedded into our devices and systems the onus will be on
manufacturers to produce devices which are secure by design. True security is
unlikely to be fully achievable, however, without regular scheduling of vulnerability
and penetration testing.
ever more embedded into our devices and systems the onus will be on
manufacturers to produce devices which are secure by design. True security is
unlikely to be fully achievable, however, without regular scheduling of vulnerability
and penetration testing.