In a recent article we discussed the growth of wirelessly interconnected devices and the transformative impact it will have for business and, more broadly, on our lives. In that article we highlighted some of the key issues businesses will need to consider and navigate to realise the benefits which people anticipate will be achieved as the 'Internet of Things' gathers momentum.
The purpose of this article is to consider in more detail the challenge of security in a world of increased device connectivity.
Security in an IoT world
Businesses are striving to introduce wireless internet-connected devices to achieve productivity gains in manufacturing, distribution, improved customer insights etc. In doing so, however, they are not adequately considering the security ramifications associated with the introduction of such devices.
The most fundamental problem with internet-connected devices is that they increase the vulnerability of a system by creating more avenues for hackers to exploit. Various security weaknesses in internet-connected devices have already been exposed, from cars having their brakes disabled to webcams being hijacked and fingerprints being stolen from phones with fingerprint sensors. A study of 10 popular IoT devices in July 2014, in areas like TVs, home thermostats, door locks etc., identified 250 vulnerabilities, including insecure firmware and poorly protected access credentials.
Indeed, one of the impediments to the growth of IoT devices is the current lack of interoperability. Currently, device manufacturers are not developing devices to common standards. This creates challenges in enabling IoT systems to communicate and integrate data. Unfortunately, by improving interoperability we simultaneously increase the capacity for the unscrupulous to hack those systems. As IoT devices become more standardised to enhance interoperability, hackers become more familiar with the manner in which IoT devices operate, increasing their ability to break those systems.
Compounding this issue is the limited capacity of IoT devices' hardware to actually provide appropriate security. Often such devices are intended to be cheap and disposable. Security requires higher processing power, which in turn increases the cost of the processors incorporated in IoT devices. For example, the processors currently available in wearable fitness devices are arguably incapable of providing the processing power necessary to run quality security measures. Furthermore, in a disposable world, vendors are often unwilling to update old products because it is not financially viable. This means those devices are not protected from new and evolving threats.
Issues to Understand
As most people understand, there is no guarantee that any IT infrastructure can be made completely secure. Systems are constantly subjected to attacks to identify and exploit vulnerabilities. Furthermore, because the security measures introduced are often reactive, they are frequently redundant at the time of their introduction as hackers identify new ways to penetrate systems.
So, in an increasingly IoT-connected world, what are some of the questions businesses need to be asking in relation to IoT devices or systems they're using or intending to use?
The purpose of this article is not to discourage the introduction of IoT devices into a business's operations or products. Nor does it suggest that the security of IoT can ever be guaranteed. That said, it does provide a list of some questions any business should consider in introducing IoT devices so that it can adequately evaluate the costs and benefits associated with that introduction and put in place appropriate mechanisms to minimise the impact of any security breach caused by the IoT device.