Man OUT Of The Middle: Security in the IoT

From smartphones to smart fridges, the future is now, and it’s everywhere.

Nowadays, most devices are more or less linked into the Internet of Things (IoT), a term first coined by technology specialist Kevin Ashton in 1999 and currently used to describe a system of interconnected computing devices that can exchange data without a human element. The most commonplace example is, of course, your phone, which can track and transmit location, light, touch, and temperature all on its own.

We’ve discussed the risks and ramifications of your organization’s IoT, and why something as innocuous as the office printer can pose a threat to your IT security network. But experts advise that this is only the beginning, and IoT sensors will continue to permeate our lives in the form of microchipped clothing, livestock, and more.

The Internet of Things is a part of life, and will continue to be as we work towards self-sufficient technology and a more prosperous economy. McKinsey consultants estimate that by 2025, advancements in IoT will improve economic growth by up to $11.1 trillion per year.

But as businesses catch on and invest in a network that can analyze, communicate, and improve performance by itself, a new issue arises: that of data security. When billions of devices worldwide are recording and sharing data, both in the home and in the workplace, how can you ensure individual safety and privacy?

Rules Of Engagement

The IoT is in part about backend efficiencies. For instance, IoT-capable computers at your workplace may have an open connection to their manufacturer or registered business to consistently send data; in return, the manufacturer can issue updates or patches to resolve problems before they disrupt the consumer’s experience.

The other part of IoT feeds into an existing struggle between companies, consumers, and privacy, where smart devices collect consumer data, which is then sold to inform marketing and product or service development. For example, in your home, a smart fridge can make note of what you regularly eat, then arrange for you to receive email coupons for that same item. Even as consumer protection efforts work to reign in aggressive collection of private information, devices that track user behavior continue to enter the market, raising the demand for consumer data—including for hackers.

What can you do about a system that operates by its own rules, when user data is a hot commodity for cybercriminals looking to infiltrate your personal and professional networks? Experts say the best advice is staying informed. Company leadership should understand how all office devices record and transmit data, and in turn, should ensure their employees know the process as well. This helps companies better detect out-of-the-norm, potentially malicious attempts to compromise their systems.

For organizations with employees working from home due to the pandemic, it is highly recommended for IT leaders to have a complete understanding of how data is handled across work-wide systems, which now include household networks, home office spaces, and employees’ personal devices. Company networks are stretched thin across remote work environments, and to prevent infiltration, individual employees need to be mindful of inadvertently creating workplace vulnerabilities through less-than-secure home networks or home privacy practices that have their guard down. Ongoing privacy training and phishing simulations can be a valuable tool in keeping everyone alert. So can conducting a remote worker risk assessment.

Although cyberattacks will multiply as interconnected devices increase and endpoint protection becomes more complicated, the world intends to do its part. Most recently, a meeting of the Five Eyes intelligence alliance in October 2019 agreed that IoT devices must prioritize IT security, and a U.K. law unveiled earlier this year mandates key security controls for IoT manufacturers.

What To Look For

The world of IT security is growing and expanding all the time. Finding a service provider with comprehensive assessments that address your unique environment can feel like a challenge, but we’ve put together these 8 expectations to be your guide.

Whether it be the data exchange in your IoT network or picking the right security partner, we always recommend you do your research. You should never have to settle when it comes to the quality of your IT security assessments, and what your peers say probably matters most.

Don’t wait—contact us today.

Posted in BAI Security Blog, Reducing Security Risks, Security Risks and tagged , , , .