As the technology industry prepares to celebrate technical achievements in connecting objects together, the UK training provider, QA, warns that from a security perspective, the Internet of Things (IoT) is broken.
The rise of objects that connect to each other and to the Internet - from cars to pacemakers - is unleashing a wave of new possibilities for data gathering, predictive analytics and IT automation. However, as well as providing opportunity for business intelligence, these objects also pose opportunity for increased cyber-attacks.
Richard Beck, Head of Cyber Security at QA, comments: "There are still many organisations that are yet to engage and understand what the Internet of Things (IoT) means for their environment. More so, the drive to higher profit margins is causing security issues to be ignored."
QA is urging organisations to account for the 'human element' when it comes to setting IoT policies, investing in and deploying connected technologies. The company is calling for businesses to plan for adequate education of staff in order to protect organisations from an increased attack surface and significant increase in privacy vulnerable applications and devices.
Richard continues: "When it comes to securing the IoT, we're operating in the equivalent of the cyber security stone age. The security and privacy implications around the growing connectivity of devices is well-documented – an ever increasing attack surface, ever more sophisticated cyber criminals and users' acceptance that technology will permeate every aspect of their lives."
"As it stands today, from a security and privacy perspective, the IoT is broken. There is no quick fix and we're operating with an element of risk. What's the answer? Technology has a role to play for sure. At the very least those organisations and software development teams should consider the privacy challenges of their connected products, devices and platforms. Offering a level of encrypted service for 'sensitive' information flow, with authenticated access should be built in user interfaces. The battle ground for the 21st century IoT will be won and lost on the grounds of privacy and strong security controls. Regulators should at least recommend and in time mandate minimum security controls to avoid the continued exposure of our sensitive and private data as we adopt more and more connected technology services at a consumer and business level. This won't offer 100% protection today, but it might move us on from the cyber security stone age – before the perfect 'privacy storm' strikes."
"From the office lighting system and alarm system to wearable technology, almost every business has a connected device operating in it. However, white-hat hackers are finding and regularly reporting vulnerabilities, leaving users open to a potential privacy or data breach. It's only a question of time before IoT devices are used to pivot into sensitive business areas avoiding legacy security controls. It is important employees have an understanding of exactly how they can protect themselves against being targeted. In some cases, it's as simple as switching off Bluetooth."
QA runs a comprehensive cyber security training curriculum including an introductory course 'Understanding the Internet of Things'.