Security and the Internet of Things (IoT)
By: Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific and Japan, CyberArk
Today, it seems everything is automated. We can set the coffee pot to begin brewing at 6:30 AM sharp, turn the lights off with remote control, and start the car from inside the house, all with the push of a button.
Once we start going digital it’s hard to stop; we want to automate every single part of our life. We can travel to any destination, regardless of whether we actually know how to get there, trusting our car’s navigation system to lead the way. It’s even easy for people to turn on their home alarm system or adjust aircon settings, all from their smartphone.
By 2020, the amount of Internet-connected things is predicted to reach 50 billion. These numbers are exciting, as they mean that we will become more efficient and technologically advanced. But although the Internet of Things (IoT) is making our lives so much simpler, it can also pose security concerns. As automation increases, it is important that security measures are also stepped up so that we can safely reap all the benefits IoT has to offer. We must never forget that without proper security, we are putting ourselves at risk.
Potential negative effects
In amongst the hype is a growing awareness of the potentially negative effects of IoT. There is an increasing number of reports of connected devices being hacked, often with calamitous results. In a 2015 experiment, a team of researchers was able to take complete control of a Jeep using the vehicle’s Controller Area Network (CAN) bus. They were able to increase or decrease the Jeep’s speed and even drive it right off the road. In the next few years, approximately 90% of cars will be connected to the internet. Given our reliance on cars, whether traditional, electric or driverless, the prospect of our vehicle systems being hacked is quite frightening.
From dolls to aquariums
More recently, hackers have exploited everything from children’s wi-fi enabled dolls in Germany to a thermostat in an acquarium in a casino – which allowed hackers to access the high-roller database. Office printers, home controllers, smart TVs and baby monitors all offer bad actors a gateway into data that users believe is secure. In the worst case, hackers could unleash an IoT botnet – a group of internet-connected computers, appliances or devices that have been co-opted to launch a cyber-attack – with devastating results.
IoT is already transforming the healthcare industry. With pill bottles that remember when they were last opened, wireless devices to monitor heart rate and body fat percentages, and digital glucose testers, it is much easier for patients to practice at-home-care. Doctors are able to remotely track all of these statistics to make sure their patients are well, avoiding unnecessary trips to the office. These devices also let doctors take care of more people throughout the day. But as our data is being sent back and forth to different devices, and stored in multiple data centers, it is at risk of being compromised, especially if the third party vendors don’t take proper security precautions.
This risk was brought home to Singaporeans with the recent massive health system breach. The hackers first broke into the healthcare provider’s IT system through a front-end workstation, and later managed to bypass the security measures and obtain access to patient data.
This latest attack serves as an example of the vulnerability of digitized health data. It is also a reminder of the cleverness and destructive capabilities of threat actors today. The increase in the variety of attack types, as well as the ease with which computers, mobile devices, systems and so on can be accessed, leading to harm, should be the driving factors in pushing cybersecurity to the foreground.
Personal information compromised
With an increase in devices that connect to the internet there is a natural increase in points of entry for hackers to access our data. As more industries automate, more sensitive information will become vulnerable. Our medical records, social security numbers, passwords, and alarm codes are just some of the data that is at risk. There have already been extensive breaches just by having credit cards and digital medical files. If our stance on security remains the same, imagine how much worse it will get when everything is digital. You might not think someone hacking into your wearable device is a problem, but if hackers install malware that uncovers all of your passwords and is able to access your smartphone, all of your personal information and accounts could be compromised.
Identities for control and compliance
IoT takes human interaction out of the equation; instead we have machines making decisions for us. It might seem more precise to have computers zeroing in on our target or deciding when it is safe to change lanes; however, these methods are a lot more volatile than those of human operators if not properly secured.
order to reap all the benefits IoT has to offer, we need to make sure that
security is baked-in to a far greater degree going forward, specifically as it
relates to identity. The enterprises developing these exciting technologies
need to be able to place an identity on all of their devices, users, and
machines that contribute to the development, testing, and production of IoT.
With these newly-created identities, enterprises can then manage the
authorization and authentication of their environment for maximum control and
compliance. Without this important data, organizations will be flying blind
with no insight into who has access to what, when.