The Internet of Things and cyber security: what are the risks?

blog image

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

June 22, 2021

In today’s society, we are more interconnected than ever before. The devices we use are linked in unprecedented ways. A big factor behind this is the rise of the Internet of Things (IoT). It brings internet connectivity to a range of devices. From watches and phones to fridges and cars, IoT aims to make our society ‘smarter’.

There’s no doubting the potential of the Internet of Things. But there’s also no escaping the risks. A more connected world gives malicious actors more opportunities for crime.

So let’s explore the nature of this threat. What can we as businesses and individuals do to better protect our devices?

 

Be aware of your digital footprint

A lot of what we do leaves some form of footprint. Although it may be harder to see, this is no different in the digital world.

Whenever we interact with an IoT device, it creates a connection between the cyber and the physical world. Through a wireless interface, digital assistants or apps on our phones issue commands to external devices. These devices are present in our homes, cars or offices.

This connection creates an IoT footprint, which goes beyond the domain of the original device. Unfortunately, this also opens the door for exploitation.

 

What’s the threat?

Many devices we use every day are now connected to the internet, and the wireless interfaces on these devices can be a threat to our personal data. 

At home, this can be through our smart home devices. Offenders can exploit connected devices such as smart locks to commit a burglary. Many of these devices also control a physical action, such as opening a garage door. Criminals could exploit the remote control functionality of these devices to break in.

On a public level, ‘Smart Healthcare’ is helping improve patient care and efficiency. But this is also increasing the risk of confidential data falling into the wrong hands. This can lead to a distributed denial of service attack, which can pose a physical threat to patients.

 

The law and IoT

Such threats need a strong response. Given the pace of innovation we have seen with IoT devices, it can be a challenge for legislation to keep pace. The pandemic has seen a huge uptake in smart devices, making the urgency of this challenge even greater.

The UK government is taking steps to address this threat. In April this year, they announced new laws compelling manufacturers to increase the level of security for connected devices. Companies must now inform customers on how long their devices will receive updates for. Simple default passwords also face a ban.

These measures are great first steps in making our smart devices more secure, but we can go further. Only 2% of devices encourage people to use two-factor authentication for online accounts. Only 17% can be locked to prevent unauthorised access. Clearly, we can do more.

 

What can we do

Whilst we wait for legislation to catch up, here are measures we can take as individuals to further protect our smart devices. 

First things first, it’s always wise to research a device before buying. Some manufacturers will have integrated more security measures than others. Check for availability of software updates and assurances your personal data will be protected.

Another simple but effective step we can all take is changing default passwords. Many devices will come equipped with passwords already installed that are easy to guess for criminals. Practicing good password hygiene always reduces our risk to cyber threats. These steps, whilst simple on the surface, go a long way in keeping us cyber secure in a smart society.

If you want to find out more about IoT and the risks of our digital footprints, read our research paper, in collaboration with the NCC Group, here.

Try it yourself or see it in action