Cybersecurity and the Internet of Things
With hackers constantly reinventing themselves (think: the evolution of Nigerian price scams into specific, targeted methods including ransomware), there is a pressing need for cybersecurity efforts to be shored up and reinforced.
Breaches can be costly too – a study by the Ponemon Institute sponsored by IBM estimated that the average cost of one is almost four million dollars.[1] This is exacerbated by the fact that one of the main themes surrounding the IoT world is one with increasing interconnectedness. Hacking is no longer an exercise in isolation, and the potential of a single breach on a seemingly small and unimportant device can have far reaching effects – for example, a thermometer measuring the conditions in a fish tank was used to hack into a casino resulting in stolen data,[2] while gadgets and toys connected to the world wide web have been shown to be vulnerable to hackers,[3] which is particularly troubling especially when children are involved. Most notably, the cost of a breach is no longer measured or monitored merely by its monetary cost, but also the danger it poses to individuals.
Thankfully, companies are well aware of the urgency of the situation – security providers are releasing record numbers, and company spending on cybersecurity is increasing.
However, the thing about this problem is that despite the conversation already happening and a general awareness surrounding the issue, there is a lack of solution. Suggestions have been made to the extent that some have proposed that all IoT devices to be marketed should be reviewed independently for security purposes – an endeavor that will surely prove to be expensive and impractical given the large amount of devices and solutions that are projected to go into the market, not to mention the regulatory differences across borders. Some search for the best value – how to reduce the most risk at the lowest cost, while others believe that the more is being spent, the safer it is. Neither is right though, as it also has been noted that despite the amount spent on cybersecurity, a lot of money is going to solutions that have been touted or marketed as cutting edge, but in truth are solutions that have not been verifiably tried and tested, lacking in a proven track record.[4]
A proposed measure that appears feasible is the notion of using intelligent and smart systems to detect usual activity – not only to prevent attacks, but also in terms of damage control.[5] It currently takes almost 200 days for organisations to discover that they have been breached, and another 70 days to do something about it.[6] On timescales of this size, we can be assured that any important information is likely to have been found and long gone. Therefore, intelligent systems that can detect and shut down attackers fast enough, hopefully before important information is accessed and compromised, is likely to be the panacea and our best hope in the foreseeable future.
[1] https://www.ibm.com/security/data-breach
[2] https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/?utm_term=.9cac4353d55f
[3] https://www.nbcnews.com/tech/security/fbi-warns-parents-privacy-risks-internet-connected-toys-n784126
[4] https://www.ioti.com/security/keeping-cybersecurity-spending-track-iot-adoption-swells
[5] https://hbr.org/2017/12/the-internet-of-things-is-going-to-change-everything-about-cybersecurity
[6] https://www.ioti.com/security/active-defense-and-quest-outsmart-hackers
3 comments on “Cybersecurity and the Internet of Things”
Comments are closed.
A great post about a topic that is becoming more and more important at increasing speed. We are entering the era where everything is connected. Let us think back of the time when we were entering the mobile era. Back then we secured our computers at home in various ways, but we moved a lot of our digital interactions to our mobile devices. At that time the mobile devices were not secured in the same way our computers at home or in the office were – making us vulnerable. Now we are heading towards 100 connected devices per capita – and a lot of them are not secured and/or it is unclear how to secure them. There is no doubt, that IoT devices make our life more comfortable and are increasing efficiency in many ways. But let us be clear, the adoption of IoT is currently happening faster than securing IoT!
Users who have LIKED this comment:
Cybersecurity is always a subject that is need to be discussed. In today’s world we expose ourselves a lot more online and it is essential that both businesses and individuals will find ways that will secure their data. One of my biggest concerns is that people do not fully understand the dangers and the threats that they might face online and the vulnerability of the systems that we use in a daily basis. That might be the biggest problem of all. The lack in understanding of the advantages and the consequences that one might experience online.
Thanks for bringing attention to an important topic. I do agree that security is going to be the primary concern with the increased reliance on digital gadgets for conveniences. Unfortunately, the conveniences are getting marketed easily to novice tech users who are converting their homes into a mini network. Companies should not expect users to understand the technical jargon related to security. So security must be built into the product by their makers and they should also maintain the integrity of the sold product. Intelligent systems for security seems to be a good solution and I hope that it will provide security to novice end users.