The Internet of Things (IoT) is destined to change how we live and work by merging the digital with the physical. But there’s a dark side to this evolution.
The Internet of Things (IoT)
Previously referred to as Ambient Intelligence, and now often referred with the label “smart“-objects, the Internet of Things, or IoT is a framework of networking among physical objects, which enables an infrastructure of objects, that can be monitored, remote controlled, automated and whose data can be collected and analyzed in the Cloud.
With everything from home appliances to smart vehicles, portable devices are connected to the internet and exchange crucial data. According to the statistics, in 2018 there were 7 billion IoT devices around the globe, but by 2019 that number was up to over 26 billion. Which statistically leaves every citizen of the world with at least 3 devices.
The use of IoT technologies in everyday life is creating pervasive threats to privacy and security — threats that have yet to be adequately tackled. The rapid growth of internet-capable devices is set to create a staggering amount of data that could potentially be intercepted and manipulated.
For the most part, people must fend for themselves to ensure their IoT devices are secure and as hack-proof as possible. That includes paying attention to consumer product alerts and installing security device patches from device manufacturers.
The amount of data an IoT device collects depends on the device, but the way data is sent back to device manufacturers and how they store the data, is up to the manufacturers. The trend today is to have everything in the cloud, and this is the direction IoT devices are moving in as well. Basically, the sending of commands to an IoT device via a mobile phone can travel around half the world and go through several servers before an action is carried out. This information could be intercepted or rerouted to a malicious server, and be abused if not properly secured. Furthermore, hackers can breach data stored by manufacturers to collect a mass amount of personal information, which depending on the device, can include type of device, IP address, other devices connected to the network, location and more.
IoT in the Home
One of the largest targets of IoT is the connected home market — the IoT space where your appliances and light bulbs, are connected and can be programmed and controlled for cosmetic reasons, for security reasons or, for example, to reduce their energy consumption.
The big guys are trying to develop a vertical strategy, whereby they provide all the components: beyond smart appliances, they would offer smart controllers/hubs, intra-objects connectivity and cloud services. From Samsung, to GE and Philips, from Apple to Google and Amazon, everybody is trying to take a piece of this cake.
Unfortunately, most products are obsolete the day they have been purchased in store. And because they are obsolete they represent a vulnerability. This is why a lot of devices require a firmware, or software, update prior to the first use. Security is a dynamic game, the more updated your smart objects are, the more protected they are.
With IoT, the possibility of personal data violation increases multifold. Over the past couple of years, we have already seen a few instances of everyday devices such as baby monitors, TV sets and cameras, including, ironically, security cameras, being used to launch these attacks
IoT in Healthcare
One industry where the IoT has really taken hold is healthcare. The advances that have been made in recent years are staggering — we now live in a world where healthcare is moving from reactive to proactive and data from wearables, monitors and other devices is saving lives.
Health care is an area where the IoT shows great promise but carries great threats. Recent ransomware attacks have targeted health-care IT systems successfully. Gartner predicts more than one-fourth of attacks in the health-care sector will target the IoT. For health-care businesses, the IoT raises the stakes because traditional cybersecurity doesn’t always ‘walk the talk‘ when it comes to the IoT. Devices deployed by providers and insurers often are located in remote locations and some of those devices may lack security features that can reduce the risk of remote hijacking.
The issue is that progress is moving too fast for security to keep up — and that means human error as well as technological. Part of it is the cybersecurity piece that we have grown accustomed to — the bad actors that will exploit software flaws to remotely unlock your car and steal your bank details are the same ones that will crack the encryption on your blood pressure monitor for perhaps more sinister purposes.
The ‘people‘ risks are a bit more subtle, though. More connected devices means more data overall, which, means that there are more opportunities for insiders to cash in. Almost 60% of healthcare systems breaches involve inside actors and at least 25% of healthcare workers know of someone who has sold on confidential information.