Mitigating IoT Cyber Risks: Training Is The First Step

Uploaded on 2018-07-24 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY-Key Areas-Internet of Things, TECHNOLOGY--Resilience

The Internet of Things (IoT) is increasingly becoming an integral part of our everyday lives. From fridges to watches to Alexa virtual assistants and the cars we drive, more and more households are introducing IoT devices into their daily routines.

In fact, it’s projected that the number of IoT devices will reach 125 billion by 2030. However, while the concept of a truly connected lifestyle is an exciting one, it also introduces a number of new risks.

Recent news that plumbers are receiving cybersecurity training due to an increase in smart heating devices further highlights that cybersecurity is broadening its reach into various trades because of IoT. Roles which five years ago we would never have thought of as requiring cybersecurity training, will need it as adoption of connected devices for business continues to rise.

As homes become more connected, the tradespeople who install and service IoT devices need to be more aware of the cyber risks associated with them, particularly when they involve personal information.

Many of the smart devices being used within the home currently lack basic cybersecurity provisions, which could lead to the theft of personal data and the intrusion of private spaces and networks. Security is needed to protect IoT integrity and to reduce the risk that it may be used for hostile purposes, so there is a real necessity to educate people who work closely with IoT devices around how to detect and deal with a security issue.

That is not to say that the rise of IoT adoption, both in a consumer and industry sense, is not a positive. Introducing a more connected world means an increase in productivity and efficiency, with companies being able to analyze the data from a device – whether that is a smart meter, boiler or even lights – and respond to customer issues much quicker.

But realizing the potential of these connected devices should be considered alongside the introduction of robust security measures.

Most importantly, for any company or individual working within the IoT space is to understand how the IoT system works as a complete system. A lot of people only think about the individual device, for example, an engineer who has traditionally worked with unconnected machines where there is no need to think about the whole estate, and forgets the fact that an entire eco-system is connected to that one device.

An IoT device is also connected to the company it was developed by and the entire network of similar devices through the applications, databases and reports its data feeds into. So, in just a couple of hops, your house is connected to thousands or millions of others. Each device connection contains potential risk, which is what makes the whole network vulnerable to attackers.

Organizations need to instigate the education of a wider understanding across all employees that one device is linked to an entire community and data constantly going in and out of this community. Understanding the complete system with its applications, databases and reports gives a greater perspective to the different routes and vulnerabilities a hacker could take advantage of.

An engineer must be able to understand the data flow between the device and the eco-system so that they can identify issues, including a breach should it happen. They should be able to understand weaknesses in the system and how devices can be kept updated with patches as they are being serviced. Understanding this bigger picture is vital to mitigating the security risks involved in IoT adoption. 

Furthermore, the public also needs to be made aware of the new risks involved in integrating IoT devices. For example, someone could turn up to the house to allegedly service a smart-meter, but instead access the house and its Wi-Fi and install malware onto the network. This then enables an attacker to steal critical personal data or use systems as part of a botnet.

In recent news, a criminal organization has even hacked cashpoints by installing devices which steal credit card information as it enters the ATM. Of course, it doesn’t have to be malicious, it could be an error by a legitimate installer.

At the simplest level, forgetting to change the default password on the device, through to a compromised laptop which when attached to a home network seeks out other connected devices to install malware on.

While the rise in IoT means our day-to-day is becoming more connected and essentially streamlined, it is vital to educate everyone, from plumbers and engineers to the general public, in the risks involved with adopting increased connectivity and how it can be mitigated.

The government recognizes the need and is putting money into cybersecurity training for services personnel, this needs to be matched by businesses to continue to build trust between consumers and the next generation of connected technology.

Infosecurity:

You Might Also Read:

Internet Of Things Brings Threats To Security

« Darktrace - From Cybersecurity Start-Up To Unicorn
Fraudsters £350k Spoof University Emails »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Infinidat

Infinidat

Infinidat delivers enterprise-proven solutions for data storage, data protection, business continuity, and sovereign cloud storage.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

LegalByte

LegalByte

LegalByte is a leading provider of comprehensive legal and forensic services dedicated to addressing the complex challenges of the digital age.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.