How to secure your business | IoT & cyber risks
The internet of things (or IoT) is perhaps most synonymous with devices like Amazon’s Alexa or Google Home, but it’s also making waves in the business world too. In this article, we explore what it is, how it’s being used and the security considerations businesses need to take into account when adopting IoT technologies.
What is the internet of things?
The internet of things (IoT) refers to the network of objects (things) that feature technologies which enable them to collect and exchange data with other devices or systems over the internet. It’s sometimes referred to in a broader sense as the internet of everything (IoE), which is a more general term for the interconnectivity of technologies, processes and people.
While at-home IoT adoption has risen rapidly over the past couple of years, with smart home systems such as Amazon’s Alexa and Google Home now common mod cons, you’d be forgiven for feeling like it all appeared out of thin air. But actually, the concept has been around for quite some time. In fact, the term ‘Internet of Things’ is said to have been coined back in 1999.
Yet it wasn’t until the following decade that businesses began to really flesh out the potential of IoT. In 2009 Chinese Premier Wen Jiabao announced IoT as an area of focus for China - key to moving forwards following the global financial crisis of 2007-2008. In 2011, a number of American and European technology companies released initiatives on the topic, and Gartner’s ‘Top 10 Strategic Technologies List’ in 2012 listed the Internet of Things at #4.
Since then, many enterprises have begun to harness the power of IoT technologies to drive business transformation. Particularly in industries that involve an abundance of data and machinery, the processes of which can be connected and streamlined by IoT solutions.
How is IoT technology being utilised by businesses?
While the adoption of IoT in many industries is still its infancy, others have made fairly rapid progress over. Let’s look at some of the core industries making IoT work for them.
Healthcare
As a data-heavy industry, healthcare lends itself to IoT solutions. One application for which it’s particularly useful is patient monitoring. For example, while in the past, an elderly person needing to carefully monitor vital signs would typically visit their doctor in-person, on a regular basis, wearables devices may enable them to be constantly monitored at a distance. This makes life more convenient for them, as fewer check ups should be needed and the regular data enables healthcare professionals to spot any concerns sooner than they may have been noticed otherwise.
The hospital environment is another hotspot for IoT. With important equipment constantly on the move, sensors can enable healthcare workers to locate devices as and when needed, as quickly as possible.
Manufacturing
Manufacturing, which involves many machines, repetitive processes, also lends itself well to the IoT. In fact, some now call it the industrial internet of things (IIoT), when applied in this context. Machine downtime, quality control and lack of visibility are issues that commonly plague the factory floor, and by gathering and processing data IoT sensors and technology, it’s possible to identify recurrent patterns so that they can be addressed, leading to higher levels of productivity and quality - and, crucially, ROI.
For manufacturers considering how the IoT may be able to help them, SensrTrx has put together a great guide, as well as an ROI calculator to help you figure out whether it’d be worth the investment for you.
Transportation
From smarter traffic lights to applications that deliver accurate information about public transport in real-time, the applications for IoT in transportation are endless. In fact, it’s been predicted that the value of IoT in transport is expected to grow to $328.76 billion by 2023.
Utilities
Smart meters are the largest scale application of IoT in the utility industry so far. They make it possible for consumers to receive feedback, flexible tariffs and more customisation around their energy usage. They also enable real-time information to inform energy production and distribution more efficiently.
Why are IoT cyber risks worrying for businesses?
Although the application of IoT technology can improve efficiencies for businesses and should provide a ROI, they come with new risks that need to be carefully managed. Essentially, each device IoT device is a potential entry point for hackers to your business data, which can enable them to:
Collect valuable information
IoT devices are constantly collecting data. This may be useful for your business, but what if this data gets into the wrong hands? Best case scenario, it could be used by other businesses, to sell you their offers and services. Worst case, it could get into the hands of criminals, enabling them to steal information.
Be hijacked for malicious purposes
Back in 2015, security researchers managed to hack into the computer systems of a Jeep, killing its transmission and causing the recall of 1.4m vehicles. So just imagine the possibilities when we're surrounded by hackable devices, in our homes, workplaces and everything in between. It could pave the way for covert surveillance, cars being hijacked, or security systems being compromised.
Attract zombie botnets
In 2016, a massive DDOS (distributed denial of service) attack temporarily brought down some of the biggest websites in the world, including the Guardian, Netflix, Twitter and CNN. Hackers did it by attacking Dyn, which controls much of the internet's domain name system, using a zombie botnet of around 100,000 IoT devices. And this is one of the big risks of the IoT - not only are there now millions of connected objects, but they usually have lower levels of security than more sophisticated computers. That means they can more easily be taken over and used for these kinds of attacks.
IoT security considerations for businesses
IoT devices are unfortunately infamous for security issues. These issues tend to be caused by two things: the fact that security often isn’t given too much consideration during the product design process and then the fact that there’s often limited post-purchase support, in the form of product experts or updates and patches. Because this is the case, it’s important that any business utilising IoT technology has in-house IT security support, capable of understanding the network architecture and building and implementing an IoT security strategy.
What can you do to protect your business?
To avoid becoming a victim, or inadvertently helping to cause an attack elsewhere, IoT security should be taken as seriously as with any other computer or device. Here are some key ways to shore up your defences:
Evaluate IoT devices carefully before buying
While security by design is now being given importance by many IoT companies, some manufacturers still don't think it's worth their time and money building security into connected devices. So, make sure you research what you’re buying to find out what security has been considered, if any at all, and how this could impact your business.
Change passwords on IoT devices
It's all too easy to stick with the default password when using a connected camera or coffee machine. But you should treat these devices like any other computer, choosing a unique password and changing it regularly. Find out more about good password practice in five password tips for better SME security.
Update software and patches regularly
Failing to install software updates and patches on IoT devices can leave them vulnerable to attack. So, keep an eye out for new releases from the manufacturer and install them promptly.
Avoid 'orphan' devices
To avoid giving hackers an easy backdoor into your systems, make sure you remove all the data from old IoT devices and disconnect them from your systems when you replace them. Also consider returning old electronics to the manufacturer, who is obliged to recycle them under the Waste Electrical and Electronic Equipment Directive (WEEE).
Invest in a protective shield
Perimeter based security is unlikely to be enough if you have multiple IoT devices connected to your networks. Instead, consider investing in a cloud-based protective shield which will stop any malware before it gets near your apps and devices. This kind of technology will also allow you to monitor all data traffic in real-time, enabling you to identify anything unusual as quickly as possible.
Insurance for businesses using IoT
In addition to a solid cybersecurity approach, it’s important to consider insurance. A robust business insurance policy, including cyber insurance can provide specialist technical and financial assistance in the event of a cyber attack. And if you’re developing IoT products, you’ll certainly want to think about specialist IoT insurance!