What Exactly is IoT?
Recently there has been a lot of discussion about IoT (the Internet of Things) in the tech world because of its huge growth in both the consumer and business sector, which is only estimated to grow even more, with around 25-30 billion devices being deployed by 2020. This would equate to around 3 IoT devices per person. IoT has also been a hot topic in cybersecurity discussions because although it does have many attractive benefits, there are a great many threats to watch out for.
What is IoT?
There are many varying definitions of what exactly IoT is, which can make it a concept that is hard to grasp. Technopedia describes it as the concept of everyday physical objects being connected to the internet and being able to identify themselves to other devices. These objects are more than just smartphones and tablets, they can also be smart-watches, radios, lights and smart assistants such as Alexa; basically anything that can connect to the internet. The growth of this concept is significant because it marks a change in our general relationship with the internet: the internet was first formed by data that was created by people, but now it is formed by data created by things. This means that these digital physical objects become more than physicals objects because they are connected to other IoT devices and very large amounts of data.
What are the threats of IoT?
As we have established, IoT is a very broad term covering a very broad topic. It would be impossible to list all the potential threats that it poses, let alone to explain them all. Here are just a few key topics of discussion:
- Difficult to manage – As IoT encompasses so many devices that a user has access to every day, it can become difficult to even keep track of all the devices that your employees are using, let alone establish an effective cybersecurity policy to protect them. Therefore these devices can provide a weak entry point for cybercriminals. The key to this is good mobile management and a BYOD policy. Generally speaking, the most effective fix to most cybersecurity threats is to create and implement cybersecurity policies that your employees are aware of so they know when they are being safe on their devices and when they are not. See our blog post about Shadow IT which addresses this topic here.
- Access to personal data – Because more and more employees are using their personal devices at work and for work, this allows cybercriminals to access employees' personal data. This data can then be used to create socially engineered cyber-attacks such as phishing e-mails which can be even harder to distinguished as they are so personalised that they blend in with the e-mails you usually receive or use personal information to gain your trust. Again, the key to this is developing a good BYOD policy as well as educating your staff on how to spot a phishing e-mail.
- Lack of awareness – As these technologies are constantly being developed and evolved over time, it is hard for IT leaders, consultants and users to keep up with them and fully understand how they work, therefore it is harder to understand the best security methods to put into place. Education is needed on IoT, AI and Blockchain in order to create the most effective cybersecurity policies, or you need to seek out IT staff that specialise in this new technology. (Did you know that one of the advantages of outsourcing your IT is that outsourced companies have to keep up to date with new and developing technology as they deal with a wide variety of clients? See our blog post on why you should consider outsourcing here)
- Cryptojacking – Cryptojacking is just one example of how IoT is being manipulated by cybercriminals. There are many inventive ways that IoT devices can be used against the user. One such way is by using the processing power and cloud CPU usage of these devices to mine cryptocurrency as the criminal’s benefit and at your expense. This can be very hard to detect. See our full post on Cryptojacking to understand how this process works.
Hopefully, this post has given you a general overview of IoT and what to consider when thinking about its place in cybersecurity. We will be following up with more posts on this topic, please get in touch by tweeting us @XenaceLtd we would very warmly welcome any requests for any specific areas within IoT that you would like us to explore. It is a huge topic but the key to successful implementation is understanding, and with its exponential growth in the workplace it is better to start talking about it sooner rather than later.