The Dark Side of the Internet of Things

The interconnectedness that makes the Internet of Things so revolutionary will present new opportunities for malicious intent as well.

It’s likely you’ve heard the term Internet of Things before. If not, maybe you’ve seen the abbreviation, IoT, or vaguely know something about the concept of connected devices. As a modern consumer, it’s hard to avoid the emerging technology as companies race faster than ever to keep pace and develop their own offerings to live within the IoT world.

Understanding IoT at a high level is fairly simple. The Internet of Things involves putting sensors on everyday objects and devices to collect data that can be leveraged for tracking, improvements, and more. Giving everyday objects network connectivity is revolutionary as it allows any item, whether digital or traditionally ‘offline,’ to be shadowed and tracked, creating a wealth of insights and data in real time.

And businesses of all sizes and in all industries are getting involved. Multinational conglomerates like General Electric are connecting machines and devices in heavy industries like oil, gas and power generation, while smaller consumer-focused companies like FitBit have revolutionized health and wellness with their connected, wearable fitness and activity trackers.

Gartner forecasted that in 2016, there were approximately 6.4 billion connected IoT devices. That figure is expected to more than triple to 30 billion by 2020, and, according to Fortune, reach a staggering 80 billion by 2025.

These devices will connect ideas and infrastructure in new and unprecedented ways, and will undoubtedly transform the way humans interact with each other and the world around them. These new devices may primarily be split into two camps; those that save money, like a smart thermostat that automatically adjusts the temperature when no one’s home, vs. those that save time, like voice-controlled quick ordering via an Amazon Alexa-enabled device.

However, this interconnectedness will present new opportunities for malicious intent as well. The staggering number of IoT devices will offer hackers and criminals countless occasions to mount cyberattacks, collect personal data and damage infrastructure. There are a number of security and privacy issues that IoT manufacturers and distributors need to address to ease consumer concerns and ensure they’re well prepared for the industry’s growth.

cyber security

And cyber attacks are nothing new, as evidenced by the Equifax data breach just last month. The credit agency joins a long list of businesses that have compromised customer data, including major retailers like Target, Whole Foods, Pizza Hut and Home Depot. What makes the Equifax breach unique and particularly alarming is that the agency was informed of its security software shortcomings, but failed to take action before hackers identified the flaw and exposed millions of individuals’ personal financial information.

With the rapid proliferation of IoT, the landscape for extortion, threats and criminal activity has shifted into even darker, and more personal, territory. We’ve already seen instances of common household items connected to the internet being attacked and used maliciously. For instance, a baby monitor was hacked and used to eavesdrop on the family last year. Medical devices dosing out vital medicines like insulin pumps or implantable cardiac defibrillators have had their significant security shortcomings exposed, and tech experts have demonstrated how easily they can be hacked to administer dangerous or even fatal doses.

Last year, a cyber attack through the Mirai botnet brought down a large chunk of the American internet. The outage was a caused by a distributed denial of service (DDoS) attack, and impacted Twitter, Netflix, Reddit, CNN, and many other major news and social media outlets. The attack was particularly unique in the way it was orchestrated. Cyber attacks have traditionally happened through botnets of computers. The Mirai botnet was largely made up of IoT devices like DVRs, and, for that reason, was much larger and more difficult to handle than a computer-organized attack could have been.

So, what can businesses do to protect themselves in this new world? We outline a few ideas below.

Ensure that security is a prerequisite when developing products and offerings

+ Make device cybersecurity a baseline criteria standard for product approval

+ Don’t approve any new products that do not meet your security standards. For instance, if the product or device doesn’t allow the user to update their password in regular intervals, don’t implement the device.

Practice what you preach

+ Train your employees on the importance of cybersecurity. They are the face of your business and should be well-versed in the security measures available to customers.

Empower your customers

+ Remind customers to take personal security into their own hands and encourage them with outreach like regular reminders to change their password.

+ Offer tutorials and FAQs on account security best practices.

Be proactive, not reactive

+ Create a plan of action in the event that security is ever breached.

Leverage third party tools and software to increase your protection.

+ For instance, Intel recently launched the Intel® Secure Device Onboard (SDO), which securely automates and brings IoT devices online within seconds rather than hours. The software can help retailers onboard thousands of connected devices quickly and easily, and leverages Intel’s proprietary security solution to safeguard devices from hackers with encryption and anonymous authentication.

Being aware of the shortcomings and concerns associated with IoT will soon become a necessity for any well-informed retailer or brand as IoT devices saturate the technology market. Beyond just encouraging awareness, Gorilla recommends that retailers take a proactive approach to cyber security for their businesses and customers to help safeguard against the high likelihood of a digital attack or hack.