I've often said that we live in an absolutely amazing time in history. The sheer amount of technological advancements seems to know no bounds, growing exponentially as every day passes. From apps to devices, the list is virtually endless when it comes to the daily connectivity that we all enjoy and have come to expect in our modern age.
However, as more and more devices continue to flood the market, each one poses a very real and very serious threat to corporate cyber security.
The Internet of Things (IoT) is by far one of the most important technological advancements in human history, representing the entirety of the human condition. And whether it be devices made for medical use, education, monitoring of other devices, or simply to make our home environment more enjoyable—IoT represents limitless possibilities.
With something so prevalent and important, it’s astounding how many of these devices come with little to no inherent built-in security. So why is that? Perhaps it's due to the nature of the devices. For many they can be considered “dumb,” meaning there is really no operating system other than simple functions that allow for simple interactions.
Examples of this type of device range from Bluetooth-enabled electric kettles, to wifi enabled lightbulbs, to the simplest of sensors that detect things like environmental factors such as increases in heat or cold. And when looking at the feature/functionality of these, their one-trick-pony nature is perhaps why security is often overlooked.
A kettle that does nothing but turn on via an app to boil water at a chosen time seems hardly worthy of in-depth security measures. More so, what does a lightbulb do other than turn on and off and if highly advanced change color when desired.
However, this is where these devices become dangerous. For the nefarious—those that lurk in the far reaches of the dark web, planning the next big scam, malware, or attack—this is where opportunity collides with harsh reality.
Each of the aforementioned devices are weak points in the armor that an organization builds around its systems, its people, and its data. This means that something as simple as a wifi connected lightbulb can now become a terrifyingly open pathway into the inner sanctum of any organization—a device built in the eyes of criminals to be exploited.
This is where organization must be hyper-vigilant to ensure that even the most mundane of devices are addressed, placed within strict policies of use, and of course added into the environment to be monitored at all times.
But it does not end there. I use lightbulbs as an example as they are probably one of the most benign and commonplace items in our world. Every house, every school, every office, and every other place we frequent are lit by lightbulbs. So why notice something that is ever-present, that until now represents something as simple as the gift of light.
Here's the even more frightening aspect of this simple IoT enabled devices: bulbs now come with cameras built in. In fact, these are becoming so commonplace that as of today Amazon has them listed for a mere $79.00.
Now, take the inherent security flaws as described where these types of devices become a cyber criminal’s backdoor into an organization’s IT infrastructure, and pair that with the now very real functionality of high-def cameras that enable the recording of anyone, anywhere, anytime. From being able to view computer screens, to people's actions, to even some models with microphones—all of these devices are a monumental threat to security and privacy.
As the world continues to evolve its technology—making the most mundane of aging devices seem new again, we must all pause and evaluate the need, the function, and the risk of IoT from every angle. Only then will we be able to enjoy and benefit from its use, while still maintaining our security and our privacy.
November 24, 2020 | Vanessa Howard
Virtual, Traditional, or Hybrid EOC What do you need to achieve?
An emergency operation centre (EOC) should enable people to respond to and plan the recovery from an emergency as effectively as possible. This is true of a brick and mortar EOC, a virtual EOC, and of a hybrid model. While there are...
Calian Cyber Security White Paper - Data and its importance to endpoint security