There is a new breed of ‘thing’ ready to compromise your security.
Back in 1982 long before the world got connected a horror film called ‘The Thing’ hit the big screen. The ‘thing’ in this instance was an extra-terrestrial life-form that assimilates other organisms and in turn imitates them. In this story, it manages to infiltrate an Antarctic research station, taking the appearance of the researchers that it absorbs, and paranoia develops within the group.
Was this a warning as to what would come 34 years later? You would be forgiven for thinking so. As collectively we sit here now allowing many, many ‘things’ to connect to the internet in both our homes and offices, containing information that may be used to harm us. The Internet Of Things (IoT) has been around now for a handful of years, but it’s rapidly entering the mainstream.
With the holiday season just around the corner, all manner of high street consumer electronics vendors are tempting us with ‘connected’ devices, from thermostats, to security cameras, smoke detectors, entertainments devices, lighting, washing machines, coffee makers; need I go on? They are marketing them as ‘smart’ devices, ‘connected’ devices, or part of a ‘smart home’. It is time to live like the Jetsons, where at the swipe of a finger on your smartphone you can control every labour-saving device and appliance in your home.
But with every’thing’, comes a new risk. Every connected device potentially has security vulnerabilities that if exploited could be used to compromise your personal or business data. Cyber thieves will use these vulnerabilities as gateways to infiltrate deeper and deeper into networks to obtain data that has potential monetary value, or that can cause major disruption.
This was proven back in October when a major cyber-attack that affected 80 major websites and was blamed on the Mirai botnet that largely targeted unprotected IoT devices, including internet-ready cameras. These devices were used to overload servers at Dyn, a domain name service provider, in a distributed denial of service (DDoS) attack.
The challenge is that the IoT market is predicted to grow to $1.7 trillion in 2020 from $655.8 billion in 2014, according to research firm IDC, as millions more devices come online and connect to a supporting range of platforms and cloud services. So there is going to be great pressure from all IT vendors, who are watching traditional sales of computing devices such as laptops, tablets and even smartphones starting to level out, or in some areas decline, to find new sources of revenue. IoT is that rich new seam.
So how can a consumer, or professional protect themselves against this highly tempting wave of new functionality? One of the first questions to ask is, do you really need this ‘thing’ and it’s promised functionality? That may sound obvious, but many of us have drawers, or lofts full of devices that historically promised to revolutionise our lives, only to be discarded relatively swiftly. Alternatively, if your new TV, fridge or other ‘thing’ unavoidably comes with connected functionality, doesn’t mean you must connect it. If the benefits of connection are not beneficial, then don’t feel compelled to use them.
If you are going to connect them then perhaps do it in a separate network, one that is safely away from your shared files. Of course, picking strong passwords for these devices is a must; never accept the default ones and make sure that you have different passwords for each device. Finally, be sure that you have the latest firmware / security patches applied to the device by checking with the vendors support website. These few basic steps will then hopefully stop all but the most persistent cyber thieves. Just like physical security criminals look for the weakest link; if you are relatively secure they will move on elsewhere to find their less secure prey.
The ultimate responsibility is of course on the vendors to make all their ‘things’ as secure as possible and new industry bodies are forming to help them do this. One such organisation, the IoT Security Foundation, has a stated mission to “help secure the Internet of Things, in order to aid its adoption and maximise its benefits”. This non profit organisation wishes to propagate good security practise in order to raise user confidence. With members including high profile names such as IBM, Intel, BT, Huawei, Philips, Vodafone and a wide range of working groups looking at all aspects of IoT security then I’m personally very hopeful that IoT security shortfalls will be relatively short lived.
In the film in order to eradicate the ongoing threat of ‘the thing’ the surviving researchers had to dynamite their entire Antarctic complex. Lets just hope that to keep you and your business safe from this generations ‘thing’ you don’t have to go to quite such extreme measures.